How to block USB port and CD-ROM in Windows 7 through Group Policy?

windows-7 windows-server-2008 domain group-policy
10,794

By default, Group Policy does not offer a facility to easily disable drives containing removable media, such as USB ports, CD-ROM drives, Floppy Disk drives and high capacity LS-120 floppy drives. However, Group Policy can be extended to use customised settings by applying an ADM template. The ADM template in this article allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used. Import this administrative template into Group Policy as a .adm file. See the link in the More Information section if you are unsure how to do this.

CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policynameusb
KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
EXPLAIN !!explaintextusb
 PART !!labeltextusb DROPDOWNLIST REQUIRED

   VALUENAME "Start"
   ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
   END ITEMLIST
 END PART
END POLICY
POLICY !!policynamecd
KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
EXPLAIN !!explaintextcd
 PART !!labeltextcd DROPDOWNLIST REQUIRED

   VALUENAME "Start"
   ITEMLIST
    NAME !!Disabled VALUE NUMERIC 1 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
   END ITEMLIST
 END PART
END POLICY
POLICY !!policynameflpy
KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
EXPLAIN !!explaintextflpy
 PART !!labeltextflpy DROPDOWNLIST REQUIRED

   VALUENAME "Start"
   ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
   END ITEMLIST
  END PART
END POLICY
POLICY !!policynamels120
KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
EXPLAIN !!explaintextls120
 PART !!labeltextls120 DROPDOWNLIST REQUIRED

   VALUENAME "Start"
   ITEMLIST
    NAME !!Disabled VALUE NUMERIC 3 DEFAULT
    NAME !!Enabled VALUE NUMERIC 4
   END ITEMLIST
  END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
policynamels120="Disable High Capacity Floppy"
explaintextusb="Disables the computers USB ports by disabling the usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the flpydisk.sys driver"
explaintextls120="Disables the computers High Capacity Floppy Drive by disabling the sfloppy.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
labeltextls120="Disable High Capacity Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"

Reference: Microsoft

For more information about applying Administrative Template files, including instructions on how to use the above template, download the Microsoft White Paper 'Using Administrative Template Files with Registry-Based Group Policy' from here.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e7d72fa1-62fe-4358-8360-8774ea8db847&displaylang=en

Share:
10,794

Related videos on Youtube

Dawood Said
Author by

Dawood Said

Updated on September 18, 2022

Comments

  • Dawood Said
    Dawood Said over 1 year

    I want to block USB port and CD-ROM access in my organization through domain (GPM). I have Windows 7 on all the computers in the organization and also have Windows Server 2008. How can I do this? I've tried my best but haven't succeeded.

  • Dawood Said
    Dawood Said over 11 years
    brother can you show me the GUI setps?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Folder Redirection GPO setting desktop but not showing it
Wallpaper in Windows 7 locked down by domain group policy?
How to remove programs from the start menu windows 7 client using a GPO managed on window server 2008 r2
Change Date Format for Existing Users on Windows Server 2008R2
Allow users to remove printers via group policy
How to allow access to firewall settings (domain/windows 7)
VERY slow startup in a Windows Domain, why is this?
How to set group policy in windows server 2008 domain?
GPO Printer Deployment Ordering greyed out
Change/Force Left-handed Mouse settings via GPO, or other ways