How to use Group Policy to prevent USB disk from starting in Win7 system

Put your own U disk inserted first, so that the system can use the U disk, and then into the "Control Panel", open the "Device Manager", in the expansion of the "disk drive", you can see that there are your U disk.

Click on the right mouse button to select "Properties", in the Pop-up Properties window, click the "Details" tab, and then select "Hardware ID" in the Device "Properties" drop-down box, and a string will appear in the value below, which is the hardware ID of your USB drive, which is copied and saved.

You also need to replicate the hardware ID of the USB mass storage device in the Universal Serial Bus controller, in Device Manager, expand the Universal Serial Bus Controller list, locate the USB mass storage device, click the "Details" tab in its Properties window, and then copy its hardware ID and save it.

Find the hardware ID of U disk can be implemented through Group Policy, in the Start menu search "Run", click to run, or directly win+r open the "Run" window, enter "Gpedit.msc".

Expand "Computer configuration → management template → system → installation → equipment installation Restrictions", open "prohibit installation of devices not described by other policy settings" on the right, select "Enabled" in the pop-up window, click the "OK" button, and then open the "Allow installation to match the following device ID", set to Enabled, in the Options pane, click Show to add the copied hardware IDs separately.

Setup is successful without rebooting. When inserting a new Removable storage device (which has never been run on this computer), the following prompts are ejected during the installation drive to successfully block.

Attention

When you need to add a new trusted mobile storage device, simply set the (1) in step fourth to "Not Configured" or "disabled," and then reinsert the new device to enable it to start, and then add the hardware ID to (2). Finally, the setting has the risk, the operation should be cautious.