Skip to main content


Prevent Specific Devices From Running On Your PC


Whether you operate In a business environment or have a shared home network up and running, It's Inevitable that users will plug their devices (USB or otherwise) Into your computers, and perform tasks accordingly thereafter. For the security & safety of your overall setup, It's Important to only allow devices that you trust, hence In this tutorial, I will show you how to prevent specific devices from running on your PC.


What you're about to read, applies to devices of all types, but for the purpose of this article, I will be referencing a USB Stick, also known as a USB Flash Drive. The fact Is, you never know for sure If a given device that's Inserted Into your computer, Is malicious-free. All It takes, Is one nasty virus to Infect your entire network, thus compromising your critical files to the point of losing access to the lot- all due to a particular user Inserting their Infected USB Flash Drive.

Moreover, anyone can copy your data onto their device, and use the Information against your wishes. As such, to minimize the risk of loss or exposure of sensitive material, It's crucial to Implement a removable media policy, whereby you make a list of devices, and prevent those you don't want accessing your systems.

I will demonstrate how to do this, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education editions. If you're running either of these, then this tutorial will certainly fulfill your needs. So without further delay, let's get this started.

Step One:

When you've made a list of the devices that you want to block, head over to Device Manager by opening the Run menu, entering devmgmt.msc  and hitting OK.


Step Two:

Next, select the device by right-clicking It and choosing Properties. In my case, I will prevent my USB Stick from running on my PC.


Step Three:

Now click on the Details tab and via the drop-down menu, select Class GUID. Under value, copy & paste It Into your favorite text editor. Each device will have It's own GUID, thereby separating It from the rest.


Step Four:

Time to access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK.


Step Five:

The Group Policy Editor will now open, so navigate to the following directory.

Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

Then on the right pane, double-click on Prevent installation of devices using drivers that match these setup classes.


Step Six:

To the left of the Window, click the Enabled radio button, hit the checkbox as outlined In orange and then click the Show button.


Step Seven:

Now In the Value field, enter the GUID of the device(s) that you copied In Step Three above. When done, hit OK.


Step Eight:

To finalize the process, simply click Apply > OK.


Last Step:

Plug In the device(s) that you've blocked Into any USB port, and you'll find that they're not recognized by the operating system, thus not functional. As you can see In the Image below, I've tried accessing my USB Stick and an unavailable error message has been returned. Perfect!


Final Thoughts:

Given that the GUID Is unique to every device, preventing access using this methodology Is very effective Indeed. As mentioned at the beginning of this article, you never know for sure whether a particular device Is malicious-free, hence I strongly suggest plugging unknown devices Into a test computer and grabbing the GUID thereafter.

To reverse the change and have the device functioning as per It's original state, refer to Step Six above, click the Enabled radio button and hit OK.



Comments

Popular posts from this blog

How To Use Sandboxie In Windows 10

When navigating online and downloading & executing applications, clicking on links, visiting websites that you're not familiar with and so forth, your computer Is vulnerable to being Infected with a virus. The last thing you need, Is to have your sensitive files compromised or hit with a nasty piece of malware. To prevent this, In this tutorial, I will show you how to safely perform all the above and more, by using a software named Sandboxie.

Create A Bootable USB Flash Drive

If you have a Bootable ISO Image file of the Windows operating system, obviously the Intention Is to burn It to disc and boot from your PC thereafter. However, optical drives are slowly being phased out In manufacturing & shipping of new computers, so what do you do from here? The alternative Is to create a bootable USB flash drive, and I will show you exactly how It's done. The process Is quite simple, yet a lot of users fail to grasp the concept.


Open The Command Prompt In Any Directory

A very powerful tool native to the Windows platform, Is the Command Prompt that allows users to perform an array of tasks, such as renaming and deleting files & folders, formatting disks and the list goes on. Sometimes, you need to navigate to certain directories by executing commands, which can be a lengthy and somewhat frustrating process. As such, In this tutorial, I will show you how to easily open the Command Prompt In any directory/folder of your choice.