what is the best way to disable USB on the network using GPO

Hello Experts.

I want to disable the using of flash drives and disk on keys on my network.
I know that the best way to do this is using GPO.
So i want to know the proper configuration to the GPO.
My DC is server 2008 and the client PC's is windows 7.

Who is Participating?
You can disable USB storage device from group policy. You will need to extend the group policy by importing an administrative template, then the setting to disable usb storage devices will be aavailable just like other settings.

The settings ar available form microsoft from the following link:

you know that certain internal hardware is linked to USB ? for example bluetooth
do you want to disable USB Mice ?
IT_Group1Author Commented:
Hi enachemc

no i just want to disable mass storage devices and portable flash drives
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

The best way to do this would be to remove the ability to install new hardware from all unprivileged accounts. This give you the ability to stop users from connecting not just USB storage devices, but any new HW as it won't allow installation.
IT_Group1Author Commented:
Hi Chev_PCN

can you give me a brief on how to do this ?
In your GMP console:
Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.
Limit the "Load and unload device drivers" to administrator groups only.
IT_Group1Author Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.