We help IT Professionals succeed at work.

Blocking USB port using AD, but need to use WIFI USB

I had applied AD policy which blocked USB port at workstation, but now 1 of the workstation need to use the USB for WIFI USB, is there a way to allow for only WIFI USB but block USB for those thumdrive that can save/copy files?
Comment
Watch Question

Architect
Distinguished Expert 2019
Commented:
When you block USB mass storage, it will block USB storages in any form.

Its not possible to only allow wifi while blocking USB storage

The only possibility could be block USB storages based on there device ID instead of blocking all device classes
But then you would require that every time new storage device arrives, needs to be added in block list with its device ID which is not desirable.
SandeepSr System Administrator

Commented:
You can exclude the single machine from the Group Policy which is getting applied over it that block all USB Ports.

Then manually go in registry on that machine and make this entry changes as mentioned below

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
Changed the value of 'Start' to '4' from '3'

Assuming that User do not have admin rights and cannot access registry editor.


Or else you need to create new GPO for this single machine where all USB Ports will be open and via GPO above registry setting is getting applied over.
MaheshArchitect
Distinguished Expert 2019

Commented:
The one another option could be if you have Symantec \ Mcafee antivirus, you can control USB device with these antivirus

These antivirus softwares are very advanced and you can exclude specific device on specific machines if wanted to easily

Author

Commented:
will try on using ID blocking