Prevent connection of unauthorized USB-devices?

Is there a way to prevent connection of unauthorized USB-devices? We have Win 7 Pro clients today but will probably upgrade to 8.1 Pro soon. We are running a Windows Server 2008 R2 server enviroment.

I want to:

1. Configure which USB-devices that are allowed
2. Prevent connectivity of unauthorized USB-devices
3. Prevent file copy to and from devices other than authorized encrypted USB thumb drives
4. Only allow charge function when connecting a smartphone
Lene ZachariassenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ahmad AbuatayaPre-Sales EngineerCommented:
to get this you should have an encryption system in your environment connected across all your system, and it takes long time than what you really think

the easy way to prevent non-allowed USB is to disable the USB port itself from the device manager and you need to input your credentials there as an administrator to enable them again.

there are several vendors providing SW like what you are looking for but as my experience it's very complicated to manage and not friendly use.
Lene ZachariassenAuthor Commented:
Thank you. If I disable the USB-ports in BIOS can I enable connectivity on certain devices? We must be able to connect keyboard, mouse and authorized USB thumb drives.
andreasSystem AdminCommented:
For the requirements you have disableing the ports is not a solution.

Then you need special software to accomplish this.

Be aware that your users can bring an identical Thumbdrive (same brand, model and make) and this one will work too then. This kind of USB restriction software will usually look at device Vendor and ID and they are the same for the same product.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Lene ZachariassenAuthor Commented:
Ok. Is it possible to physically lock connected USB-devices like keyboard, mouse etc.?
If it is possible to disable the opportunity to save files from external devices and copy files to external devices via OS security that might be a better solution.
andreasSystem AdminCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lene ZachariassenAuthor Commented:
Thank you all! I have enabled a GPO on the domain controller that deny access to all removable storage devices for a certain group of users. We will therefore not need any physical USB locks.
Lene ZachariassenAuthor Commented:
Also, to solve the need of using certain USB-devices I will set up a computer outside the domain that can be used with a USB storage device. This way we can control this kind of use when we have the need.
Hm, did you reach your goal? You didn't want to block all usb storage devices and now you do just that.
The GPOs cannot block based on a device ID but only based on a model, so there is no way using GPOs unless all devices that should be allowed are of the same make and model.
Blocking WPD devices (phones) succeeds with that policy? Test that, I am not so sure.

I will soon publish an article and link it here so you can see what is possible with win8.1's task scheduler with a little help of devcon.exe: all you wanted.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.