How to Block Removable Media using GPO


Today I am going to tell you how we can Block the external removable media to access. on servers or If required on workstations.

From one of your Active Directory Domain Services domain controllers or from an administrative workstation, open the Group Policy Management Console and link a new GPO to the appropriate target (domain, OU, etc.).

Within the Group Policy Editor, navigate to \Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.

NOTE: If you prefer to set these restrictions on a per-user basis instead of computer-wide, then use the Group Policy path \User Configuration\Policies\Administrative Templates\System\Removable Storage Access.


Note from the above screenshot that we can use Group Policy to limit access to the following device classes:

  • CD and DVD drives. This type of drive uses removable media.
  • Floppy disk drives. This type of drive uses removable media.
  • Removable drives. This type of drive is an external drive connected to the computer using a USB or IEEE 1394 connection. It includes both hard disk drives and flash memory drives.
  • Tape drives. This type of drive uses removable media.
  • Windows Portable Devices. This type of device includes media players, smart phones, and so on.


By far, the most restrictive restriction (pardon the redundancy) is the policy All Removable Storage Classes: Deny All Access. If we enable this policy, as is shown in the following screen capture, then we prevent affected users from mounting ANY class of removable media.

Leave a Reply

Your email address will not be published. Required fields are marked *