Win7 Tips: Use Group Policy to prevent unfamiliar u disk boot

Using a personal computer must use U disk frequently, as a convenient temporary storage device, U disk is our indispensable means of file exchange, set as a temporary File storage devices, but also pose a great threat to personal computer data, not only the danger of virus transmission, but also may lead to vicious incidents such as theft, plagiarism.

Is there any way to make the system use only the specified U disk or mobile hard disk, and prohibit other U disk?

We can do this through Group Policy. By setting it, the system can only use the specified USB flash drive.

Note:

— This function is implemented by blocking the installation of the driver of the mobile storage device with unknown hardware ID through the limitation of group policy, so as to prevent its use.

—For a removable storage device that is already in use and running on this computer, simply uninstall its driver on the device manager and insert it later, as it prevents the driver from installing. Block the purpose of startup.

Implementation steps:

Step 1: Insert your U disk first, let the system use the U disk normally, then enter the “Control Panel” and open the “Device Manager”. & rdquo;, in the expansion "disk drive", you can see that there is your U disk.

Step 2: Click the right mouse button to select “Properties>, click on the “details" tab in the pop-up "Properties" window, and then on the device"properties" In the drop-down box, select “Hardware ID”, the following "Value" will appear in the string, this is the hardware ID of your U disk, copy it and save it.

Step 3: You also need to copy the hardware ID of the "Universal Serial Bus Controller" in the "USB Mass Storage Device" in "Device Manager" In the list of "Universal Serial Bus Controllers", find "USB Mass Storage Device", click on the "Details" tab in its "Properties" window to copy its hardware. The ID is also saved.

(Note: You can write down the hardware ID of all your favorite mobile storage devices to avoid unnecessary trouble. Add new removable devices in the future, you can write them separately. Subsequent join)

Step 4: After finding the hardware ID of the U disk, you can implement it through Group Policy.

Search for "Run" in the Start menu, click Run, or go directly to Win+R to open the "Run" window, enter "lded;.gpedit.msc", or in the Rubik's Cube Optimizer's "Utility Tools & rdquo; Open & ldquo; Windows System Toolbox & rdquo;, find group policy.

Expanding “Computer Configuration & Rarr;Management Templates & Rarr; System & Rarr; Device Installation & Rarr; Device Installation Limits & rdquo;

(1) Open the right side of the device to prevent installation of devices not described by other policy settings, select “enabled” in the pop-up window, and then click the “OK” button.

(2) Then turn on “Allow installation of devices that match the following device IDs, set to “Enabled”, click “Show" in the "Options" pane ;, add the hardware ID copied in the third step separately.

Note: The setting of (2) will only take effect if (1) is set to “ Enabled & rdquo;, so that you can disable the USB that the policy does not describe. device.

Setting is successful without restarting. When inserting a new removable storage device (which has never been run on this computer), during the installation of the driver, the following prompt pops up and successfully blocked.

Note: When you need to add a new trusted mobile storage device, just set (1) in the fourth step to “not configured” or “disabled ”, then re-insert the new device, you can start, and then add the hardware ID to (2).

At the end of the day, the setup is risky and the operation should be cautious.