HOWTO: Disable USB drives in Group Policies


By connecting a USB drive to your computer, any user can infect it with malware or copy important information from it. In today's article we will look at how to disable USB drives in Windows 10.
This method works in Windows 10 Pro, Enterprise or Education.


1. Open group policies:

   - In the search bar or in the menu to execute (execute is called with the Win + R keys), enter:
gpedit.msc
and press the Enter key.

Open group policies

2. Open Removable Disks: Deny Execute Access:

   - Open "Computer Configuration" => "Administrative Templates" => "System" => "Removable Storage Access" => in the right pane, open "Removable Disks: Deny Execute Access".

Open Computer Configuration

3. Choose "Enabled" and click "OK":

   - Choose "Enabled" and click "OK". Also put is included in "Removable disks: Deny Read Access" and in "Removable disks: Deny Write Access", they are also found in "Computer configuration" => "Administrative templates" => "System" => "Removable Storage Access".

Choose Enabled and click OK

Also consider using Action1 to block USB ports remotely if:
- You need to perform this action on multiple (hundreds or even thousands) computers simultaneously.
- Some of your endpoints are laptops not connected to corporate network at all times.

Action1 is a cloud-based platform for software deployment, software/hardware inventory, patch management, endpoint configuration and more. It is free with basic functionality.


Other Relevant HOWTOs: