Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately. An attacker could use this feature to launch a program to damage the computer or data on the computer. You can enable the Turn off Autoplay setting to disable the Autoplay feature. Autoplay is disabled by default on some removable drive types, such as floppy disk and network drives, but not on CD-ROM drives. Note: You cannot use this policy setting to enable Autoplay on computer drives in which it is disabled by default, such as floppy disk and network drives. Countermeasure: Configure the Turn off Autoplay setting to Enabled. Potential Impact: Users will have to manually launch setup or installation programs that are provided on removable media.

[cd-rom_and_removable_media_drives/all_drives]

(1) GPO: Computer Configuration\\Administrative Templates\\Windows Components\\AutoPlay Policies\\Turn off Autoplay (2) REG: HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer!NoDriveTypeAutoRun