With more and more malicious programs and worms circulating through removable media like thumb drives, it is only natural that you want to restrict or prevent users from installing their own removable devices. Blocking the installation of external removable devices renders them inaccessible and it is particularly helpful in an organization, or like when you are using public hotspots where you leave your machine for short amounts of time to grab a cup of coffee or something.
So if you ever need, here is how you can use the Windows Group Policy Editor to block users from installing removable devices.
Prevent Installation of Removable Devices
Since we are using Group Policy Editor to manage the changes, you need to have a Pro or Enterprise version of Windows and depending on your needs, you can apply the changes to the whole network. First off, press “Win + R,” type
gpedit.msc and press the Enter button to open up the Group Policy Editor.
Once the Group Policy Editor has been opened, navigate to the following location “Computer Configuration –> Administrative Templates –> System –> Device Installation –> Device Installation Restrictions”. Here, find and double-click on the setting “Prevent Installation of Removable Devices.”
The above action will open the removable devices settings window. Here, select the radio button “Enabled” and click on the “OK” button to save the changes.
That’s all there is to do and from this point forward, no user (including the administrator) can install removable devices.
Display a Custom Message
If you want to, you can display a custom message whenever Windows blocks the installation of a removable device. For that, you need to configure the policy “Display a custom message when installation is prevented by a policy setting.”
One thing to keep in mind while configuring this setting is that this policy setting will take priority over all the settings in this group.
Allow Admins to Bypass Restrictions
As you can see, the downside of configuring this setting is that even the administrators are blocked from installing removable devices and this will be a pain at times. Fortunately, you can configure Group Policy and allow administrators to bypass this restriction.
To do that, double-click on the policy “Allow Administrators to Override Device Installation Restriction.”
The above action will open the respective policy settings window. Here, select the option “Enabled” and click on the “OK” button to save the changes. Once you are done with the changes, restart your system and you are good to go.
From this point forward, the administrators can easily override the device installation restrictions without having to mess with Group Policy settings frequently. As a side note, this policy will take precedence over and above all other policies configured in this group (including the restrictions placed above).
Only Allow Installation of Listed Hardware IDs
If you don’t want to block all the installations of the removable devices, you can configure Group Policy to only allow installation of removable devices of only listed hardware IDs. To do that, you need to enable the setting “Allow installation of devices that match any of these device IDs.” While enabling, don’t forget to add the hardware IDs by clicking on the “Show” button.
In case you are wondering, you can easily find your device hardware ID by opening the device manager, right-clicking on the device and selecting the option “Properties.” Here, navigate to the “Details” tab and select “Hardware IDs” from the dropdown list.
That’s all there is to do, and it is that simple to restrict users from installing removable devices using the inbuilt Group Policy Editor. The good thing about the methods shared above is that they just work with simple settings and also eliminate any need for installing third-party software to achieve the same result.
Hopefully, this helps and do comment below sharing your thoughts and experiences about using this simple method to block removable device installations.