This method of protection is especially effective if you are a laptop user and take it from place to place. Likewise, if you usually sign up for one of the notorious LAN Parties, where you take your desktop PC and often leave it unattended, it might be a good idea to block the ports so that no one can plug in a USB stick without your consent, right? Well, let’s see how it’s done, because it’s quite simple.
How to block USB storage from being connected to your PC
For this first method, we will use the Group Policy Editor of Windows, a tool that is only available in the Pro versions of the Microsoft operating system, both in its Windows 10 and Windows 11 versions. The first thing to do is to right-click on the button of startup and select Run. Then type “gpedit.msc” without the quotes and you will access this tool.
In this tool, you need to navigate on the left side to: Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions, and on the right side you need to double click “Prevent installation of removable devices” to change its settings.
In the window that opens, simply check the “Enabled” option and click OK. Restart the computer and that’s it, you’ve already blocked anyone from connecting USB storage drives to your computer, although of course that includes yours. To disable it, you just need to follow these steps again and check the option “Not configured” or “Disabled” to be able to reconnect the USB drives to the PC.
If you don’t have the professional version of the operating system, or if you prefer to block USB ports a bit more permanently, we’ll explain the alternative below, which uses the registry editor The Windows. To open it, return to the Run window (you can also access it by pressing the WIN+R key combination) and type “regedit” without the quotes.
Here you need to navigate in the left menu (or alternatively type or paste in the bar above) to the following registry key:
HKEY_LOCAL_MACHINESOFTWAREpoliciesMicrosoftWindows
Once here, right click on the Windows folder on the left and select New -> Key. A new folder will automatically appear hanging on Windows called “New Key #1” and give you the option to rename it; you have to call her DeviceInstall (This key may already exist, if so, skip this step.) Then right-click on that “folder” you created and press New -> Password again. The new key you need to create should be called Restrictions.
Once done, click on Restrictions and, now in the right part of the window, right-click and select New -> DWORD (32-bit) Value. The new value you created should be called Deny removable devices.
Now double-click on the DenyRemovableDevices key, make sure that on the right side “Base” is selected Hexadecimal, and in the Value data field, change the 0 (zero) which comes by default to 1. Click OK , restart the PC, and you will have blocked the ability to connect storage units to your PC.
To undo this, just follow the same steps you took before and either change the value of this key to 0 or directly delete the keys you created.
How to AUTHORIZE certain USB keys
Both of the above methods will block the ability to connect ANY USB storage device to your PC, but logically, you might want to install your USB flash drive or external hard drive. Don’t worry, because it can be done and, in fact, it’s relatively simple. You need to reopen the local group policy editor that we saw before, and in exactly the same place you will find “Allow installation of devices that match any of these device identifiers”.
Double-click on this option, select “Enabled” and by doing so, the “Show” button will be enabled at the bottom left (below the options). Click on it and another window will open in which you can select the units you want to authorize (logically, these must be connected to the PC at the time of carrying out this configuration).