Block USB mass storage via GPO

You can do it using GPO. Please check the below link for step by step instructions for using custom adm template.

Open GPMC – User configuration – Policy – Administrative template – System – Removable storage Access.

Enable deny Read/Write Access.

http://www.petri.co.il/disable_usb_disks_with_gpo.htm#

A lot depends on what version of Server OS you have

This Article should help

http://social.technet.microsoft.com/Forums/windowsserver/en-US/5e10c51a-5d58-4648-8779-aec402efd567/disable-usb-mass-storage-through-gp-across-windows-7-xp-but-usb-keyboard-mouse-should

this question is already answered in EE. See below link for the same.

https://www.experts-exchange.com/questions/28088854/Restricted-USB-Using-Group-Policy.html

Pretty simple really.

In the GPO go to the following:

Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access

You can Deny read and write access in there.  You also might want to consider disabling autoplay also.  This rule applies to all removable like external HD's, Flash drives, phone storage etc.

Take a look at this technet as it illustrates how to accomplish this using Group Policy or Group Policy Preferences. (screenshots included).

http://blogs.technet.com/b/danstolts/archive/2009/01/21/disable-adding-usb-drive-and-memory-sticks-via-group-policy-and-group-policy-preferences.aspx


Will.

Interesting, got it work by applying it to myself as a test. however when I remove myself from the GPO it does not restore the feature. BTW the link to www.petri.co.il was most helpful.

For some GPOs they won't go away unless you specify the opposite option (disable instead of enable, for example). THe image http://www.petri.co.il/images/disable_usb_disks_1.gif shows it about to mention how to re-enable it but it gets cut off and I can't check it at the moment. If you read the description of the GPO it should have the details on how to re-enable it.

Thanks all, WMI filtering, can you share a link how to?