Restricting access to removable devices is a security practice that prevents someone from copying sensitive data onto USB drives, CDs, or other types of removable devices. It only covers local access to a system: it stops someone with physical access from copying your files to removable devices, but it cannot prevent files from being uploaded to file upload sites or to Microsoft OneDrive, Google Drive, etc.
This is accomplished through Group Policy. The Group Policy settings apply to all users of the computer and prevent access to all types of devices and media that are classified as removable.
Restrict Access to Removable Devices in Windows 10
By default, on all Windows clients a user can copy files to any removable device without any privilege restriction. The steps below restrict access to removable devices on a Windows 10 client. They work the same way on Windows 8.1 and 7.
1. Open the Group Policy editor by typing “Gpedit.msc” in the Windows Run dialog, then navigate to Computer Configuration, Administrative Templates, System, Removable Storage Access.
2. All the Removable Storage Access settings are clearly described. Double-click a setting and enable it. For example, to prevent users from executing any executable files from their removable devices, double-click Removable Disks: Deny execute access, then select Enabled and click OK to apply the change.
Apply the other settings in the same way, for USB devices, CD and DVD writers, and others.
3. To apply changes immediately, configure the setting that controls the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.
If you enable this policy setting, set the number of seconds. The value is in seconds, not minutes. If you don’t reboot the system, the change will not take effect, even if you update Group Policy with the “Gpupdate /force” command.
4. Reboot the system and check the result. Plug a USB device into your computer and test the settings you applied through Group Policy.
Remember: To apply the removable device restriction policy to a specific user or group, configure it from the User Configuration section of the Group Policy settings.
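One way to confirm, after the reboot in step 4, which deny settings actually landed on the machine and in which scope (Computer or User). This is an added example, not part of the original article; the registry path and device-class GUIDs are assumptions based on the RemovableStorage administrative template and should be checked against your own ADMX files.

```powershell
# Added example: read-only audit of Removable Storage Access policy values.
# Assumption: the policy writes DWORD values named Deny_All, Deny_Read,
# Deny_Write and Deny_Execute under the key below, in HKLM for Computer
# Configuration and in HKCU for User Configuration.
$base = 'SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Device classes to inspect. An empty subkey means the parent key itself.
# The GUIDs are assumed values; confirm them in RemovableStorage.admx.
$classes = [ordered]@{
    'All removable storage classes' = ''
    'Removable disks'               = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    'CD and DVD'                    = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
}
$valueNames = 'Deny_All', 'Deny_Read', 'Deny_Write', 'Deny_Execute'

function Get-RemovableStoragePolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($name in $classes.Keys) {
            $path = "${hive}:\$base"
            if ($classes[$name]) { $path = "$path\$($classes[$name])" }

            # A missing key simply means the policy is not configured there.
            $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }

            foreach ($v in $valueNames) {
                if ($null -ne $props.$v) {
                    [pscustomobject]@{
                        Scope   = if ($hive -eq 'HKLM') { 'Computer' } else { 'User' }
                        Class   = $name
                        Setting = $v
                        Enabled = ($props.$v -eq 1)
                    }
                }
            }
        }
    }
}

$found = @(Get-RemovableStoragePolicy)
if ($found.Count -eq 0) {
    Write-Output 'No Removable Storage Access policy values found in HKLM or HKCU.'
} else {
    $found | Format-Table -AutoSize
}
```

Run it as the affected user: the HKCU rows then reflect that user's policy, which helps tell a User Configuration setting that never applied from one that applied but is not enforced.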
Hope this helps protect your data from being copied by unwanted users. Feel free to ask your questions about Windows Group Policy in the comment area, or read more articles related to Group Policy.
It won’t work when you set it by User Configuration.
Hi Beto,
Update the group policy once after applying the policy. Troubleshoot the group policy if it does not work.
Thanks for the feedback Shais. I tried to set it from both my DC’s GPOs and local GPEDIT. Tried to run gpupdate /force and restart to no avail. It will block the device only if I set it through Computer Configuration. Could that be a bug from Win 10? The same GPO works like a charm with my Win 7 boxes.
I’m getting the same results with the User Configuration. This worked just fine in my 2008 R2 domain but in 2012 R2 this is not working. I have worked on it for days now, I believe Microsoft has a bug.
Didn’t try for win10 but yes, on win 7 it works. Thanks.