We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


restrict usb ports for storage devices

Medium Priority
Last Modified: 2012-06-21

i want to restrict users from accessing usb storage devices from there systems.  we have windows server 2003 domain and windows 2000, xp, vista clients. i got the links how to restrict in workstation as well as in domain through group policies. i am able to do in workstation but i am unable to do it in domain level.

the links are:



please help me.
Watch Question

Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
I would create a new Group Policy at domain level as well and avoid using the existing one as well. You have a better view of your organization's policies that way and it is best practice to avoid putting everything under default policy.

If you're trying to restrict the use of the USB drive entirely, then why not just disable it in the BIOS of the workstation, setup a password for system changes prior to deployment to the end user and then just be done with it.


if i disable in BIOS i cant use usb keyboard, mouse and any other USB input devices.

i did all the things as in pretri link. but its not working in domain level.

please help me.
Always have a test OU with test computer and user in place in your AD and ALWAYS test new policies before pushing them to live environment.

Can you please create a test OU, apply the policy there and try ?

Did you use gpupdate/force? computers need to restart to take new policies if the command is not run.
Have you waited for DC replication?
Policies take some time to apply.

Run gpupdate/force amd then gpresult  to view which policies are applied on a client where the policy was applied.


i created test OU and computer and user.
i applied group policy settings and i used gpupdate /force
i have only one DC.

when i am checking for gpresult its not showing the group policy i applied to the OU.

i did the below way:
OU --- properties --- group policy ---- edit --- changed the settings and closed all the windows
gpupdate /forece i used and i tried with the user who's the member of that OU. but its not working. i restarted the client. i logged into the machine before restart and after restart also but no result.

i didnt see the policy name in the list when i used guresult.

Can you test if it is ok in  GPMC? To check if a policy has been applied to a user or computer is to use the gp management console to create a rsop (resultant set of policy) report using the GP Results Wizard for the specific user or computer.

Here is a nice guide to test policies with gpmc and rsop :)


Let us know who it goes  ^^ and if u get errors.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

What is the make/model (brand name) of the workstation, or do you have multiple different systems?
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.