System admins have the ability to prevent/block users’ access to all removable storage media drives. Such restrictions play an important role in the security and safety of a networked environment. And they are very common and most often used inside almost all organizations. Additionally, the tool that helps us create such restrictions is the Group Policy Management Console (GPMC). It is a feature that we add along with the AD DS role installation. That all being said, this article covers a step-by-step guide to preventing domain-joined users’ access to removable storage media drives using group policy in Windows Server 2022.
In our example, the domain controller machine runs Windows Server 2022 Standard. Additionally, we define the group policy directly on an Organizational Unit (OU) that contains the target users. So, we have already created an OU and moved the target user(s) into it.
You may also like to read DNS Server Guides and DHCP Server Articles.
Steps to Prevent Access to Removable Media
With the above scenario in mind, it is a straightforward process to prevent users’ access to removable media.
- Press down the Windows Key + R on your keyboard. It opens the Run dialogue box.
- Type in
gpmc.mscand press the enter. It opens the Group Policy Management (GPM) console.
- On the group policy management console, right-click on the OU that contains the target users. Then, select Create a GPO… from the context menu.
- Type a name for the new GPO. Then, click OK to continue.
- Right-click on the GPO that you created. Then, select Edit from the context menu.
- On the GPM Editor window, expand User Configuration -> Administrative Templates -> System. Then, select the Removable Storage Access folder as shown in the below picture. Finally, double-click on All Removable Storage classes: Deny all access.
- On the GPO configuration window, check the Enabled option. Then, click OK and close the GPM Editor window.
- The GPO configuration is all set throughout the previous steps. However, it will affect only after we perform a group policy update on the client machine or restart it. So, to perform a group policy update, use
gpupdate /forcethe Command Prompt or Run dialogue box.
- Now, if you insert a removable media like a USB drive and try to open it, you will face an error saying the media is not accessible.
That is all with the steps to deny users access to removable storage media using group policy.
To conclude this article, first, we talked about the importance of restricting users’ access and discussed the Group Policy Management tool. Then, we briefly introduced our scenario. Lastly, we covered detailed steps to prevent users’ access to removable storage media.
In the end, as always, I hope you find this article helpful. And feel free to share your thoughts and queries in the comment section.