This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 12%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
For Windows based PCs connected with Windows AD with Group policy, we want to block USB phone tethering. And we have tried following things which seems to be working for some people but not us.
We have applied computer policy to block device installation
System/Device Installation/Device Installation Restrictions > Prevent installation of devices that match any of these device IDs
Device ID "USB\class_e0"
This was described here: https://social.technet.microsoft.com/Forums/en-US/68c09a6a-07ec-47da-b4e1-d5dd325cc57f/prevent-mtp-amp-usb-tethering?forum=w7itprosecurity
I have reviewed the process described here.. https://learn.microsoft.com/en-us/windows/client-management/manage-device-installation-with-group-policy
I am just not sure whether device ID "USB\class_e0" is the correct one or not? Although it appears in device compatible Ids, so I assume it should work.
Also, I check hardware IDs of few phones and all of them have distinct IDs like
device 1 USB\VID_22D9&PID_276A&REV_0404&MI_00 USB\VID_22D9&PID_276A&MI_00
device 2 USB\VID_2717&PID_FF80&REV_0404&MI_00 USB\VID_2717&PID_FF80&MI_00
device 3 USB\VID_04E8&PID_6863&REV_0400&MI_00 USB\VID_04E8&PID_6863&MI_00
Now, when I add the complete device ID, the policy works as expected, i.e. the device is not installed and thus usb tethering now blocked for that particular device. Pls check my current policy screenshot
Can I do block all devices together using something like "USB\VID"?
Or there is something else I am missing here? Pls guide.
Note that I have already tried running “gpupdate /force” in command prompt to ensure it has been applied.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 0%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Hello.
Actually , you can find Device ID in device manager and add these IDs in to GPO. like this picture :
Like these Device IDs :
USB\Class_e0&SubClass_01
USB\Class_ef
USB\Class_06
USB\Class_e0
Each device has its own device ID , you should extract from your network or use this below link that is defined by Microsoft :
Hi,
I checked again, I see that USB\class_e0 lists under connected device in Compatible IDs section. This is good. I already checked this....
Now, the problem is different that, the Compatible device ID of USB\class_e0 is still not working to block device installation even if I follow the same steps to block it using GP Policy.
What could be wrong?