Q. How can I set USB devices to read-only via Group Policy?

A. In a previous FAQ, I talked about setting USB devices to read-only by setting the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect to 1. To set from Group Policy, you need to create a custom administrative template file. Below is a template file in the ADM format.

CLASS MACHINE
CATEGORY "USB Storage Devices"
POLICY "Write Protect USB Storage"
KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
VALUENAME "WriteProtect"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
Import the policy into a Group Policy Object (GPO) and you will be able to configure the setting as the Figure shows. To view, make sure you don't have Filter On enabled in Windows Server 2008 or disable the "Only show policy settings that can be fully managed" option in pre-2008 GPO editors.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish