0

I manage over 500 laptops that need USB write access disabled except to a specific USB drive my company provides.

I know about adding the WriteProtect entry to the registry to prevent write access to all USB drives. This edit works wonderfully but it prevents our USB drive being written to as well. Is there a way to add device IDs to the registry to give those devices Read/Write access (not to be confused with installation permission) while simultaneously keeping all other USB devices as Read only?

If it’s not possible to do through the registry I am also open to the idea of using secure/safe third-party software that could also do the trick.

Edit: I should mention these laptop's are in the field across the country, run Windows 7 Professional, and not apart of any domain.

Improve this question
3
  • See this utility, it says it can disable by device...nirsoft.net/utils/usb_devices_view.html
    – Moab
    Commented Jan 11, 2016 at 18:07
  • Because the USB standards have devices "self identify", it is difficult to lock down ports through software. See gizmodo.com/…. Some companies are resorting to epoxying the ports! slashgear.com/…
    – DrMoishe Pippik
    Commented Jan 11, 2016 at 21:38
  • Well it's not that we want to deny access to USB devices, we only want to deny Write Access to all USB devices, except the one we provide. We deal in PHI, so only our approved USB device is allow to have files written to it. Other USB devices need to be allowed in a read-only mode as to copy data from them, but we don't have control on when and where those USB devices are required to be used.
    – steve
    Commented Jan 11, 2016 at 21:42

1 Answer 1

Reset to default
0

Providing you're using Server 2008 and higher, take a look at the below that can be achieved through group policy.

https://technet.microsoft.com/en-us/library/cc731387.aspx

Improve this answer
1
  • Thank you for your answer, but that is directed towards controlling device installation. I'm looking to control Read/Write access. All USB devices are Read Only with only a specific device ID being Read/Write enabled.
    – steve
    Commented Jan 11, 2016 at 17:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .