Logging bugs and feedback Introduction This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install.
Consider the following scenario: You have a computer that is running Windows Vista or Windows Server You enable a Group Policy on the computer to deny write access or to deny read access to removable storage devices.
You insert a removable storage device in the computer. You shut down and then restart the computer. In this scenario, you notice that the removable storage device is disabled and you can no longer access the device after you log on to the computer. Additionally, when you open the Properties dialog box for the device, the following information is displayed under the device status: The device is disabled.
Code 22 If you click the Enable Device button in the Properties dialog box, the device status remains disabled. Note The Group Policy that is described in this scenario can be any of the following: Deny read access Floppy Drives: Deny write access Floppy Drives: Deny read access Removable Disks: Deny write access Removable Disks: Deny read access Tape Drives: Deny write access Tape Drives: Deny read access WPD Devices: Deny write access WPD Devices: Deny read access These Group Policy settings are available in the following path: Hotfix information A supported hotfix is available from Microsoft.
However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing.
Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix. If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article.
If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix. Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request.
The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available.
If you do not see your language, it is because a hotfix is not available for that language. Prerequisites To apply this hotfix, you must be running one of the following operating systems: If the ApplyPolicyOnUserLogoff value is set to 1 or if it does not exist, Group Policy changes are processed both when you log on or log off the computer.
Restart requirement You may have to restart the computer after you apply this hotfix.Double-click the policy setting for WPD, (Windows Portable Devices) that corresponds to the kind of restriction you want enforced (for example, double-click WPD Devices: Deny read access if you want to deny read access to your device).
Select the corresponding radio button to Enable or Disable a . Deny read or write access to users for devices that are themselves removable, or that use removable media, such as CD and DVD burners, floppy disk drives, external hard drives, and portable devices such as media players, smart phones, or Pocket PC devices.
Remove Group Policy that blocks USB I have a Group Policy that is set to block access to removable devices for all users.
There is a group in Active Directory ( R2) that users can be put in to block access to the policy and apply a policy that allows removable devices. The Group Policy entries for controlling access to removable storage and portable devices is actually nothing more than an easy way for Administrators to apply PnP device node ACLs to a whole class of devices at a time (for example, applying the "Deny Write Access to Portable Devices" Group Policy would adjust the ACLs of all WPD devices to.
Even better there is a deny execute access policy setting prevents your users the running on BYO applications such as Firefox Portable and even some malicious software via USB sticks.
While most of the device types seem obvious, the WPD Device allows you to control access “to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.”.
Enable the Deny write access policy for each device type. Your organization's security policy allows users to connect their smart phones, cameras, and music players to their Windows systems. They are allowed to view photos and movies, listen to music, and copy media files from these devices to their Windows system.