Prevent installation of devices using drivers that match these device setup classesID: oval:org.secpod.oval:def:88021 | Date: (C)2023-03-10 (M)2023-12-12 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to specify a list of device setup class globally unique
identifiers (GUIDs) for device drivers that Windows is prevented from installing. This
policy setting takes precedence over any other policy setting that allows Windows to install
a device.
If you enable this policy setting, Windows is prevented from installing or updating device
drivers whose device setup class GUIDs appear in the list you create. If you enable this
policy setting on a remote desktop server, the policy setting affects redirection of the
specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, Windows can install and update
devices as allowed or prevented by other policy settings.
Fix:
(1) GPO: Computer Configuration\Policies\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices using drivers that match these device setup classes
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClassesRetroactive
Platform: |
Microsoft Windows 11 |