💻/🖥️ Windows 10 - Block USB Ports
| TYPE | AUDIENCE | PRIORITY | COMPLEXITY | EFFORT | COST | UPDATED |
|---|---|---|---|---|---|---|
| Preparation | 🏗️ | ⭐⭐ | ⭐⭐ | 🧑 | 🆓 | 2021-06-17 |
Rationale
One of the most common ways in which networks and computers are compromised is through the introduction of a USB drive which has a virus on it. So if you are not dependent on using USB drives in your organisation, or you can manage to only use USD drives when you provide Administrator password, you can disable USB drive functionality for regular users for better safety.
Instructions
What you should prepare
- Ideally, have 💻-🖥️ Windows 10 - Split Admin and User accounts so that the policy can't be undone by a regular user.
What you should do
Take the following steps to setup a policy to prevent a user from using USB drives. Log in to the user account (i.e. not Admin account) and follow the steps:
- Select the Start button
- Search for and open "Group Policy Editor"
- Navigate through the tree menu to "User Configuration > Administrative Templates > System > Removable Storage Access".
- Find and Click on "All Removable Storage Classes Deny All Access setting" from the list on the right
- Click "Enabled" and "OK"
- Reboot the computer for the policy to take effect.
- Now if you want to connect a USB drive, you'll get the following message:
If you really need to connect a USB drive, you first need to login to the Admin account where the restriction is not enforced.
Sources : Redmond