Prevent Installation of Removable Devices

Applies To: Windows Server 2008

You can use this procedure to prevent installation of any removable device.

A device is considered removable when its device driver, or the device driver for the bus to which the device is attached, reports that it is a removable device.

If this policy is enabled, in addition to preventing installation of the affected devices, it also prevents users from updating the device drivers for already installed devices that match the policy.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To prevent installation of removable devices

  1. Open the Group Policy Management Editor. To do so, click Start, and then in the Start Search box, type mmc gpedit.msc.

  2. In the navigation pane, open the following folders: Local Computer Policy, Computer Configuration, Administrative Templates, System, Device Installation, and Device Installation Restrictions.

  3. In the details pane, double-click Prevent installation of removable devices.

  4. Click Enabled.

  5. Click OK to save your changes.

Additional considerations

  • To prevent this policy from affecting a member of the Administrators group, see Allow Administrators to Override Device Installation Restriction Policies.

  • This policy setting takes precedence over any other policy settings that allow a device to be installed. If this policy setting prevents a device from being installed, the device cannot be installed or updated, even if it matches another policy setting that otherwise allows installation of that device.

  • If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active┬áDirectory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active┬áDirectory domain, see Group Policy (