This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 10%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hello techies,
As the question suggest, I want to disable any usb storage file access, including android / iphone storage, except for charging mode.
So I went into GP editor and browse to Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access and set all below to "Enable"
Removable Disks: Deny execute access
Removable Disks: Deny read access
Removable Disks: Deny write access
While this setting works great for conventional USB storage (e.g. flash drive, thumb drive etc.) but seems it does not have any impact at all if you plugged in your phone; you still able to access phone storage.
Even enabling "All Removable Storage classes: Deny all access" does nothing.
Appreciate for any suggestion. :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 30%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
This might work. I know I've been involved in this in the past we we blocked a lot of devices but it caused issues for a specific user with a fancy dock so I had to dig around that was causing it. It was a good few years back so rusty on the specifics but it was something where we listed specific ID's to block and a quick google came up with this as closest match. Should get you started on the right trail to search up on
Hello there,
Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR, and then locate the DWORD value named ''Start'' on the right-side pane. The default value data of Start is ''3''. Double-click on Start, and set its value data to ''4''.
Restart and check the machine.
By Registry Editor, you just disable the use of USB storage devices, but it won't affect the use of USB mouse, keyboard, and printer on the computer.
------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--
Hello all,
The solution is right before my eyes, how I failed to notice and try it we'll save it for another day debate :)
1) [In GPO management or gpedit.msc] Browse to Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access
2) Enable the "WPD Devices: Deny read access".
Enabling it will create two key in registry which explains in detail in this site https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.RemovableStorageAccess::WPDDevices_DenyRead_Access_2
