DISCLAIMER: These instructions are only for the purpose of guidance. They are NOT instructions how to use Windows software and should not be used as such.
Context
To prevent the execution of unmanaged software, we recommend disabling access to USB removable storage.
Procedure
- Click Start, click to expand Windows Administrative Tools folder, and then click Group Policy Management.
- In the console tree, under your domain users folder, locate and right-click the organizational unit folder where you want to create the group policy object and click Create a GPO in this domain, and Link it here....
- In the New GPO dialog, enter "Block USB ports" as the Name and click OK.
- Right-click the GPO and click Edit.
- In the Group Policy Management Editor, you need to choose if you want to deploy the group policy objects through Computer Configuration or User Configuration.
- Under the relevant configuration, click to expand the Policies folder, the Administrative Templates folder, the System folder, and then the Removable Storage Access folder.
- Right-click the All Removable Storage classes: Deny all access policy setting and click Edit.
- Select Enabled, click Apply and OK.
- On the Group Policy Management Editor check that he State column for the policy setting is set to "Enabled".
- You can check your configuration by plugging a USB into a device with the GPO applied and a warning message should appear saying that access is denied.
