Local Group Policy User Configruation not applying

Question

Hello,

we have implemented Local Group Policy Setting at Windows Server 2019 and 2022 to prevent access to removable devices such USB-Sticks & co.

But the user policy configuration doesnt work at all.

gpresult /r says that the policy is being applied, but when the user is logged in, than the USB-Stick is accessible.

When we configure the same policy at the computer configuration, than it works well, the USB-Stick is NOT accessible.

What are we doing wrong?

thx

Answer 1

Hello tugi,

Thank you for posting in Q&A forum.

Based on "But the user policy configuration doesnt work at all.", for the user policy, you should apply the policy to user account object.

Put the user account objects into an OU.
Link the GPO to OU with user account objects.
Edit User Configuration\Policies\Administrative Templates\System\Removable Storage Access.
Run gpupdate force on client with the specific user account logon in the OU above.

For the computer policy, you should apply the policy to computer account object.

Put the computer account objects into an OU.
Link the GPO to OU with computer account objects.
Edit Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.
Run gpupdate force on client with any account logon.

Reference:
https://www.prajwaldesai.com/how-to-disable-usb-devices-using-group-policy/

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

Answer 2

Hello Daisy,

we dont have a AD-Infrastructure, so we cant put the objects in OUs.

We use gpedit.msc to configure the group policies. So we have local group policies in place.

Any ideas for local polcies?

Thx