what is the best way to disable USB on the network using GPO

Posted on 2011-04-20
Last Modified: 2012-05-11
Hello Experts.

I want to disable the using of flash drives and disk on keys on my network.
I know that the best way to do this is using GPO.
So i want to know the proper configuration to the GPO.
My DC is server 2008 and the client PC's is windows 7.

Question by:IT_Group1
    LVL 12

    Expert Comment

    you know that certain internal hardware is linked to USB ? for example bluetooth
    do you want to disable USB Mice ?

    Author Comment

    Hi enachemc

    no i just want to disable mass storage devices and portable flash drives
    LVL 9

    Expert Comment

    The best way to do this would be to remove the ability to install new hardware from all unprivileged accounts. This give you the ability to stop users from connecting not just USB storage devices, but any new HW as it won't allow installation.

    Author Comment

    Hi Chev_PCN

    can you give me a brief on how to do this ?
    LVL 9

    Expert Comment

    In your GMP console:
    Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.
    Limit the "Load and unload device drivers" to administrator groups only.
    LVL 5

    Accepted Solution

    You can disable USB storage device from group policy. You will need to extend the group policy by importing an administrative template, then the setting to disable usb storage devices will be aavailable just like other settings.

    The settings ar available form microsoft from the following link:

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Superior storage. Superior surveillance.

    WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now