Prevent connection of unauthorized USB-devices?

Is there a way to prevent connection of unauthorized USB-devices? We have Win 7 Pro clients today but will probably upgrade to 8.1 Pro soon. We are running a Windows Server 2008 R2 server enviroment.

I want to:

1. Configure which USB-devices that are allowed
2. Prevent connectivity of unauthorized USB-devices
3. Prevent file copy to and from devices other than authorized encrypted USB thumb drives
4. Only allow charge function when connecting a smartphone
Lene ZachariassenAsked:
Who is Participating?
Ahmad AbuatayaPre-Sales EngineerCommented:
to get this you should have an encryption system in your environment connected across all your system, and it takes long time than what you really think

the easy way to prevent non-allowed USB is to disable the USB port itself from the device manager and you need to input your credentials there as an administrator to enable them again.

there are several vendors providing SW like what you are looking for but as my experience it's very complicated to manage and not friendly use.
Lene ZachariassenAuthor Commented:
Thank you. If I disable the USB-ports in BIOS can I enable connectivity on certain devices? We must be able to connect keyboard, mouse and authorized USB thumb drives.
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

andreasSystem AdminCommented:
For the requirements you have disableing the ports is not a solution.

Then you need special software to accomplish this.

Be aware that your users can bring an identical Thumbdrive (same brand, model and make) and this one will work too then. This kind of USB restriction software will usually look at device Vendor and ID and they are the same for the same product.
Lene ZachariassenAuthor Commented:
Ok. Is it possible to physically lock connected USB-devices like keyboard, mouse etc.?
If it is possible to disable the opportunity to save files from external devices and copy files to external devices via OS security that might be a better solution.
andreasSystem AdminCommented:
Lene ZachariassenAuthor Commented:
Thank you all! I have enabled a GPO on the domain controller that deny access to all removable storage devices for a certain group of users. We will therefore not need any physical USB locks.
Lene ZachariassenAuthor Commented:
Also, to solve the need of using certain USB-devices I will set up a computer outside the domain that can be used with a USB storage device. This way we can control this kind of use when we have the need.
Hm, did you reach your goal? You didn't want to block all usb storage devices and now you do just that.
The GPOs cannot block based on a device ID but only based on a model, so there is no way using GPOs unless all devices that should be allowed are of the same make and model.
Blocking WPD devices (phones) succeeds with that policy? Test that, I am not so sure.

I will soon publish an article and link it here so you can see what is possible with win8.1's task scheduler with a little help of devcon.exe: all you wanted.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.