Scroll To Top

How to Restrict Access to Removable Devices in Windows 10?

Posted in Articles, MCSA, Windows2 years ago • Written by Shais6 Comments

Restrict access to removable devices is a security practice to prevent someone from copying sensitive data onto USB, CD, or other types of removable devices. This is just work for local access to a system. And restrict access to removable devices physically if some want to copy your files to all removable devices, but it can not protect uploading files to file upload centers or Microsoft One Drive, Google Drive etc…

The process will going to accomplish through Group Policy. The group policy settings will apply to all computer users and prevent access to all types of removable devices and medias that are classified as removable devices.

Restrict Access to Removable Devices in Windows 10

By default in all Windows clients, a user has the ability to copy files to any removable devices without any privilege restriction. So try to restrict access to removable devices in Windows client Windows 10. It works the same for Windows 8.1, 7.

  1. Open the Group Policy by typing “Gpedit.msc” to the Windows Run and Navigate to Computer Configuration, Administrative Templates, System, Removable Storage Access.
Removable Storage Access - Restrict Access to Removable Devices

Removable Storage Access – Restrict Access to Removable Devices

2. All Removable Storage Access are defined clearly. Double click a setting and enable it. For example, you want to prevent that users can not execute any executable files from their removable devices. Double click the Removable Disk Deny Execute Access, then select Enable and click OK to apply changes.

Removable Disk Deny Execute Access

Removable Disk Deny Execute Access

Apply the other settings the same as this one. For USB devices, CD and DVD writers, and others.

3. To apply changes immediately configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a change in access rights to removable storage devices.

Set Time In Seconds to Force Reboot

Set Time In Seconds to Force Reboot

If you want to enable this policy settings, set the number of seconds. It works in second not minutes. If you don’t reboot the system, it will not take effect, even by updating group policy with “Gpupdate /force” command.

4. Reboot the system and see the result. Plug a USB to your computer and test the settings you have applied through group policy.

Remember: In order to apply Restrict access to removable devices policy to specific user or group, configure it from User Configuration of Group Policy settings.

Hope this will help to protect your data from copying by unwanted users. Feel free to ask your questions about Windows Group Policy through comment area. Or read more articles related to group policy.

TAGS: , ,
About this Author

I'm a network and Information Security instructor. Here is my online pictorial notebook. I would like to write and share my experience through this website for computer enthusiasts and technology geeks.

Like us on Facebook
on Facebook

Follow me on Twitter
Follow @technigs on Twitter
Add me on Google+
on Google+

6 Comments so far. Feel free to join this conversation.

  1. BetoApril 7, 2016 at 5:02 pm - Reply

    It won’t work when you set it by User Configuration.

    • Shais
      ShaisApril 7, 2016 at 6:52 pm - Reply

      Hi Beto,
      Once update the group policy after applying policy. Troubleshot the group policy if it will not work.

  2. BetoApril 7, 2016 at 9:35 pm - Reply

    Thanks for the feedback Shais. I tried to set it from both my DC’s GPOs and local GPEDIT. Tried to run gpupdate /force and restart to no avail. It will block the device only if I set through Computer Configuration. Could that be a bug from Win 10. The same GPO works like charm with my Win 7 boxes.

  3. SilasApril 20, 2016 at 1:49 am - Reply

    I’m am getting the same results with the User Configuration. This worked just fine in my 2008 R2 domain but in 2012 R2 this is not working. I have worked on it for days now, I believe Microsoft has a Bug..

  4. ycjackchenSeptember 16, 2016 at 6:04 pm - Reply

    Me too.
    I have tested the USER BASED usb disable.
    The GPO is working on windows 7 but not on windows 10.
    Is there any update?

  5. RameshSeptember 22, 2017 at 1:50 pm - Reply

    Didn’t try for win10 but yes, on win 7 it works. Thanks.

Leave A Response