In all versions of Windows, starting from Windows 7, you can flexibly manage access to external drives (USB, CD / DVD, floppy, tape etc.) using Group Policies (we are not considering a radical way to disable USB ports through BIOS settings). It is possible to programmatically block the use of only USB drives, without affecting such USB devices as a mouse, keyboard, printer, etc (which are not recognized as a removable disk).
The USB device blocking policy will work if the infrastructure of your AD domain meets the following requirements:
Active Directory schema version — Windows Server 2008 or newer;
Note. The set of Group Policies allows to control the installation and use of removable media on Windows appeared only in the AD version 44.
Desktop OSs –Windows 7 or newer.
We are going to restrict the use of USB-drives for all computers in a certain AD container (OU). You can apply the USB block policy to the entire domain, but this will affect the servers and other technological devices. Let’s assume that we want to apply the policy to OU named Workstations. To do it, open the GPO management console (gpmc.msc), right-click on OU Workstations and create a new policy (Create a GPO in this domain and Link it here.)
Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.