Allow Company Approved USB Brand (Ex: Sandisk) and block all other Brands through GPO

Shashi Kiran R 1 Reputation point
2020-12-11T08:50:19.207+00:00

Hello,

Just a quick question on how to allow a company-approved USB brand (for example, Sandisk) and prevent all other USB brands from accessing.

Upon investigation, it is possible through the hardware ID.

So if the hardware ID is "USB\VID_0781&PID_558C", which is specific to the device, can we use just "USB\VID_0781" to have this vendor allowed and block all others?

Thanks,

Shashi Kiran R

Cybersecurity Engineer

Herbalife Ltd
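
An added example, not part of the original question or answers: an offline audit that parses exported hardware ID strings of the form quoted in the question and sorts them by whether the VID field is on an approved list. It does not configure Group Policy; `APPROVED_VENDORS`, the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# USB hardware IDs have the shape USB\VID_vvvv&PID_pppp, optionally followed
# by further &-separated fields such as &REV_rrrr or &MI_nn.
_USB_ID = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})(?:&|$)",
    re.IGNORECASE,
)

# Assumption: approved vendor list. 0781 is the VID from the question's example.
APPROVED_VENDORS = {"0781"}


def parse_usb_id(hardware_id):
    """Return (VID, PID) as upper-case hex strings, or None if not a USB ID."""
    m = _USB_ID.match(hardware_id.strip())
    if m is None:
        return None
    return m.group("vid").upper(), m.group("pid").upper()


def audit(hardware_ids, approved=APPROVED_VENDORS):
    """Sort hardware IDs into approved / unapproved / unparsed buckets."""
    report = {"approved": [], "unapproved": [], "unparsed": []}
    for hid in hardware_ids:
        parsed = parse_usb_id(hid)
        if parsed is None:
            # Not a well-formed USB\VID_&PID_ string: flag for manual review
            # instead of guessing a vendor from a string prefix.
            report["unparsed"].append(hid)
        elif parsed[0] in approved:
            report["approved"].append(hid)
        else:
            report["unapproved"].append(hid)
    return report


# Constructed sample inventory (not real endpoint data).
SAMPLE_INVENTORY = [
    r"USB\VID_0781&PID_558C",                # ID quoted in the question
    r"usb\vid_0781&pid_558c&rev_0100",       # same device, lower case + revision
    r"USB\VID_1234&PID_ABCD",                # constructed placeholder vendor
    r"USB\VID_07810&PID_0001",               # malformed: five-digit VID
    r"USBSTOR\Disk&Ven_Example&Prod_Drive",  # storage-class ID, no VID field
]

if __name__ == "__main__":
    for bucket, ids in audit(SAMPLE_INVENTORY).items():
        print(bucket, ids)
```

Comparing the parsed VID field, rather than a raw string prefix, keeps case differences and malformed IDs from being silently counted as the approved vendor.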


2 answers

  1. Vicky Wang 2,646 Reputation points
    2020-12-14T09:45:28.253+00:00

    In all versions of Windows, starting from Windows 7, you can flexibly manage access to external drives (USB, CD / DVD, floppy, tape, etc.) using Group Policies (we are not considering a radical way to disable USB ports through BIOS settings). It is possible to programmatically block the use of only USB drives, without affecting such USB devices as a mouse, keyboard, printer, etc. (which are not recognized as a removable disk).

    The USB device blocking policy will work if the infrastructure of your AD domain meets the following requirements:

    Active Directory schema version — Windows Server 2008 or newer;
    Note. The set of Group Policies that allows you to control the installation and use of removable media on Windows appeared only in the AD version 44.
    Desktop OSs – Windows 7 or newer.

    We are going to restrict the use of USB drives for all computers in a certain AD container (OU). You can apply the USB block policy to the entire domain, but this will affect the servers and other technological devices. Let’s assume that we want to apply the policy to the OU named Workstations. To do it, open the GPO management console (gpmc.msc), right-click on OU Workstations and create a new policy (Create a GPO in this domain and Link it here.)

    Reference: http://woshub.com/how-to-disable-usb-drives-using-group-policy/

    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.
    Best wishes
    Vicky


  2. Vicky Wang 2,646 Reputation points
    2020-12-17T09:36:37.543+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky
