Windows 7 / Getting Started

Configuring Removable Drive Policies

Windows includes Group Policy settings that apply to removable drives. These are important because removable drives pose a significant security risk to companies. Users can copy confidential data to USB drives, CD-ROMs, DVD-ROMs, or cell phones and take it to a competing company. Users can also bring in undesirable software including viruses, spyware, and other types of malicious applications. Group Policy contains a series of settings that you can use to limit what users can do with removable drives. You can configure these policies using the Local Group Policy Editor on a standalone computer, or you can use the Group Policy Management Editor in an AD DS environment to apply policies to all computers in a site, domain, or organizational unit (OU).

Navigate to the Computer Configuration\Administrative Templates\ System\Removable Storage Access node to obtain the policy settings. By enabling specific policies, you can deny read, write, and execute access to the specified type of device; the WPD devices class refers to devices such as media players, cell phones, iPods, auxiliary displays, Windows CE devices, and so on (WPD stands for Windows Portable Device). Enabling the All Removable Storage classes: Deny all access policy denies read and write access to all types of removable storage devices, whereas enabling the All Removable Storage: Allow direct access in remote sessions policy enables access to these devices when connected by a remote access session only. Enabling these policies overrides settings that you can configure for individual drive types. The Custom Classes policy enables you to deny access to custom removable storage classes according to their class GUID. The Time (in seconds) to force reboot enables you to specify a time interval after which a computer will reboot to enforce a change that you've made to one of the other policies; if you have not configured this setting, the change will not take place until a user reboots her computer.

[Previous] [Contents]

In this tutorial:

  1. Windows Disk Management
  2. Managing Disks and Volumes
  3. Basic and Dynamic Disks
  4. Working with Basic Disks
  5. Converting Basic Disks to Dynamic
  6. Working with Dynamic Disks
  7. Troubleshooting Disk Problems
  8. Managing File System Fragmentation
  9. The Defrag.exe Command-Line Tool
  10. RAID Volumes
  11. Creating a RAID-0 Volume
  12. Creating a Spanned Volume
  13. Creating a RAID-5 Volume
  14. Using DiskPart to Create Striped, Mirrored, and RAID-5 Volumes
  15. Managing and Troubleshooting RAID Volumes
  16. Configuring Removable Drive Policies