How to prohibit USB USB flash drives and other removable drives in Windows

If you need to make a USB drive to a computer or laptop with Windows 10, 8.1 or Windows 7, you can disable the use of flash drives, memory cards and hard drives using the built-in system tools. Mouse, keyboard and other peripherals that are not a repository will continue to work.

In this manual on how to block the use of USB flash drives and other removable drives using the local group policy editor or registry editor. Also in the section with more information about blocking access via USB to MTP and PTP devices (camera, Android phone, player). In all cases, to perform the described actions, you must have administrator rights in Windows. See also: Bans and locks in Windows, how to put a password for a USB flash drive in BitLocker.

Prohibition of USB connection flash drives using the Local Group Policy Editor

The first way simpler and implies the use of the built-in utility "Local Group Policy Editor". It should be borne in mind that this system utility is not available at the Windows home edition (if you have such an OS version, use the following method).

Steps to block the use of USB drives will be as follows:

1. Press the Win + R keys on the keyboard, enter the gpedit.msc and press ENTER, the local group policy editor opens.
2. If you want to prohibit the use of USB drives for all computer users, go to the Computer Configuration section - Administrative Templates - System - access to removable storage devices. If you want to block access only for the current user, open the same section in the "User Configuration".
3. Pay attention to "Removable Discs: Prohibit Performance", "Removable Discs: Prohibit Record", "Removable Discs: Disable Reading." All of them are responsible for blocking access to USB drives. At the same time, the reading is prohibited not only to view the contents of the flash drive or copying from it, but the other operations (it cannot be written to the drive, the launch of the programs from it will not be performed).

   

4. In order for, for example, to prohibit reading from a USB drive, double click on the "Removable Disc: Disable Read" parameter, set the "Enabled" value and apply the settings. Perform the same for other items you need.

   

This process will be completed on this, and access to USB is blocked. The reboot of the computer is not required, however, if the drive has already been connected at the time of the restrictions on the restrictions, the changes will take effect only after disconnection and re-connection.

How to block using USB flash drives and other removable drives using the registry editor

If your computer does not have a local group policy editor, you can perform the same blocking using the registry editor:

1. Press the Win + R keys on the keyboard, enter the REGEDIT and press ENTER.
2. In the Registry Editor, go to one of the sections: the first - to prohibit the use of USB drives for all users. Second - only for the current user HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows HKEY_CURRENT_USER \ SOFTWARE \ POLICIES \ Microsoft \ Windows
3. Create a Subsection RemovableStorageDevices, and in it - subsection named {53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}
4. In this subsection, create the required DWORD32 parameters (even for Windows X64) - with the name Deny_read to ban reading and other operations, DENY_EXECUTE - to prohibit execution, DENY_WRITE - to ban recording on a USB drive.

   

5. Set the value 1 for the created parameters.

The prohibition of using USB flash drives and other removable drives will take effect immediately after making changes (if the drive has already been connected to a computer or laptop at the time of blocking, it will be available before disconnecting and re-connected).

Additional Information

Some additional nuances of blocking access to USB drives that may be useful:

• The methods described above work for removable USB flash drives and disks, but do not work for devices connected via the MTP and PTP protocol (for example, the Android phone store will continue to be accessible). To disable access to these protocols, in the Local Group Policy Editor, in the same section, use the "WPD Device" parameters to ban reading and writing. In the Registry Editor, it will appear as a sub {53f5630d-b6bf-11d0-94f2-00a0c91efb8b}, {6AC27878-A6FA-4155-BA85-F98F491D4F33} and {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE} in the policies RemovableStorageDevices (as described above ) With DENY_READ and / or DENY_WRITE parameters.

  

• In order to further enable the ability to use USB drives in the future, simply delete the created parameters from the registry or set "off" in the previously modified access policies to removable storage devices.
• Another way to lock USB drives is to disable the appropriate service: in the Registry \ CurrentControlSet \ System \ CurrentControlSet \ Services \ CurrentCstrolSet \ System \ USBStRolmes the value of START to 4 and restart the computer. When using this method, the connected flash drives will not even appear in the conductor.

In addition to the built-in system tools, there are third-party programs for blocking the connection of various USB devices to a computer, including advanced tools like USB-LOCK-RP.