timer to disable selected users USB access

Alex Rabbi 66 Reputation points
2024-04-24T11:10:48.8633333+00:00

Hi All,

My company has around 400 to 500 users all using win10.

We have disabled USB using group policy and Intune for all users, but a few of them require USB access for official reasons.

I have created a policy to exclude those few users so that they can use USB drivers on that laptop.

I am looking for a solution that enables me to revoke access for users after 3 months without any manual intervention. The reason is that the admin team can forget over time which users have access to USB, as users will be moved to different projects and might not require access to USB.

I am not in favour of buying a third-party tool.

Please suggest if there is a way to achieve this.

Regards,

Alex

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

  1. S.Sengupta 30,176 Reputation points MVP Volunteer Moderator
    2024-04-25T13:10:50.7733333+00:00

    Unfortunately, there isn't a built-in way in Group Policy or Intune to automatically revoke USB access after a specific period of inactivity for Windows 10.

    You can also use the PowerShell command Get-ADUser -filter * -Properties "LastLogonDate" | select name, LastLogonDate to get the last logon date for all domain users.

    If the difference is greater than 3 months (convert to desired timeframe in seconds), the script re-enables USB access for that user by disabling the "Do not allow mass storage devices" policy using Set-ItemProperty.

    Save the PowerShell script.

    Use Task Scheduler to schedule the script to run periodically.

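One way to build the scheduled script for the 3-month expiry asked about in the question, as an added example that is not code from the thread or from Microsoft. It assumes the USB exclusion policy is scoped to an on-premises AD security group (the group name and log path are hypothetical) and treats the last change time of each member link as the date access was granted.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. Assumes the USB exclusion is scoped to
# an AD security group; the group name and log path below are hypothetical.
param(
    [string]$GroupName  = 'USB-Exception-Users',
    [int]$MaxAgeDays    = 90,   # the "3 months" from the question
    [string]$LogPath    = 'C:\ProgramData\UsbExceptionExpiry\expiry.csv',
    [switch]$Apply              # without -Apply the script only reports
)

$group  = Get-ADGroup -Identity $GroupName -Properties member
$server = (Get-ADDomain).PDCEmulator
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# Linked-value replication metadata carries a timestamp per member link, so
# no separate record of who was granted access, or when, is required.
$links = Get-ADReplicationAttributeMetadata -Object $group.DistinguishedName `
    -Server $server -ShowAllLinkedValues -Properties member

# Keep links that are still present and were last (re)added before the cutoff.
$expired = $links | Where-Object {
    $group.member -contains $_.AttributeValue -and
    $_.LastOriginatingChangeTime -lt $cutoff
}

New-Item -ItemType Directory -Force -Path (Split-Path $LogPath) | Out-Null
foreach ($link in $expired) {
    if ($Apply) {
        Remove-ADGroupMember -Identity $group -Members $link.AttributeValue -Confirm:$false
    }
    # Append an audit row for every expired membership found.
    [pscustomobject]@{
        CheckedAt = (Get-Date).ToString('s')
        Member    = $link.AttributeValue
        AddedAt   = $link.LastOriginatingChangeTime
        Removed   = [bool]$Apply
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

Run it once without `-Apply` to review the CSV, then schedule it with `-Apply` under an account delegated only the right to modify that one group's membership.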
