Blocking unfamiliar u disk boot, magic group policy

Using a personal computer must always use a U disk, as a convenient temporary storage device, U disk is our indispensable means of file exchange, set as a temporary file storage device, but At the same time, it also poses a great threat to personal computer data, not only the danger of virus transmission, but also malicious events such as theft and plagiarism.

Is there a way to make the system only use the specified U disk or mobile hard disk, and prohibit other U disk?

We can do this through Group Policy. By setting it, the system can only use the specified USB flash drive.

Note:

— This function is implemented by blocking the installation of the mobile storage device with unknown hardware ID through the limitation of Group Policy, so as to prevent its use.

— For a removable storage device that is already in use and running on this computer, simply uninstall its driver on the device manager and insert it later, as it prevents the driver from installing. Block the purpose of startup.

Implementation steps:

Step 1: Insert your U disk first, let the system use the U disk normally, then enter the “Control Panel” and open the “Device Manager”. & rdquo;, in the expansion "disk drive", you can see that there is your U disk.

Step 2: Click the right mouse button to select “Properties", click the “details" label in the pop-up "Properties" window, and then on the device"properties" In the drop-down box, select “Hardware ID”, the following "Value" will appear in the string, this is the hardware ID of your U disk, copy it and save it.

Step 3: You also need to copy the hardware ID of the "Universal Serial Bus Controller" in the "USB Mass Storage Device" in "Device Manager" In the list of "Universal Serial Bus Controllers", find "USB Mass Storage Device", click on the "Details" tab in its "Properties" window to copy its hardware. The ID is also saved.

(Note: You can write down the hardware ID of all your favorite mobile storage devices to avoid unnecessary trouble. Add new removable devices in the future, you can write them separately. Subsequent join)

Step 4: After finding the hardware ID of the U disk, you can implement it through Group Policy.

Search for “Run” in the Start menu, click Run, or go directly to Win+R to open the “Run” window, type “gpedit.msc”, or “Master in Magic Cube Optimization”. Tools & rdquo; Open & ldquo; Windows System Toolbox & rdquo;, find group policy.

Expand “Computer Configuration & Rarr;Management Templates & Rarr; System & Rarr; Device Installation & Rarr; Device Installation Restrictions & rdquo;

(1) Open the right side of the "Do not install the device not described by other policy settings", select "ldquo; enabled" in the pop-up window, and then click the "OK" button.

(2) Then open “Allow installation of devices matching the following device IDs, set to “Enabled”, click “Show” in the "Options" pane ;, add the hardware ID copied in the third step separately.

Note: (2) settings will only take effect if (1) is set to “ Enabled”, so you can disable the USB that the policy does not describe. device.

The setup is successful and no restart is required. When inserting a new removable storage device (which has never been run on this computer), during the installation of the driver, the following prompt pops up and successfully blocked.

Note: When you need to add a new trusted mobile storage device, just set (1) in the fourth step to “not configured” or “disabled ”, then re-insert the new device, you can start, and then add the hardware ID to (2).

Finally, the setting is risky and the operation should be cautious.