Disable: 'Prevent installation of removable devices' This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Users are unable to install device drivers for new removable devices and are unable to update device drivers for existing removable devices.

[Enable/Disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesSystemRemovable Storage AccessAll Removable Storage classes: Deny all access (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsRemovableStorageDevices!Deny_All