Win tips on how to stop unfamiliar U-disk startup

Use a personal computer must always use a U disk, as a convenient temporary storage device, u disk is our indispensable means of file exchange, set as a temporary file storage equipment, but also on the personal computer data has a great threat, not only the risk of virus transmission, but also may be stolen, plagiarism and other vicious events.

There is no way to make the system can only use the specified U disk or mobile hard disk, and prohibit other U disk?

We can accomplish this task through Group Policy. setting allows the system to use only the specified USB drive.

Attention:

-This feature is implemented to prevent the installation of mobile storage devices with unknown hardware IDs from installing drivers through Group Policy restrictions.

-For removable storage devices that have been used and run on this computer, simply uninstall the driver on the Device Manager, and then plug in the computer later, preventing it from booting because it is blocked from driving the installation.

Implementation steps:

The first step: the U disk first inserted, so that the system can normally use U disk, and then into the "Control Panel", open the "Device Manager", in the expansion of the "disk drive", you can see that there are your U disk.

The second step: click on the right mouse button to select "Properties", in the Pop-up Properties window, click the "Details" tab, and then select "Hardware ID" in the Device "Properties" drop-down box, and a string will appear in the value below, which is the hardware ID of your USB drive, which is copied and saved.

Step three: You also need to replicate the hardware ID of the USB mass storage device in the Universal Serial Bus controller, in Device Manager, expand the Universal Serial Bus Controllers list, locate the USB mass storage device, and click the "Details" tab in its Properties window. Copy its hardware ID and save it.

(Note: You can write down the hardware IDs of all your personal mobile storage devices to avoid unnecessary trouble, add new removable devices later, and make further additions)

The fourth step: Find the USB disk hardware ID can be implemented through Group Policy.

Search for "Run" in the Start menu, click Run, or directly win+r open the "Run" window, enter "Gpedit.msc", or open the Windows System Toolbox in the "utility" of the Rubik's Cube optimizer to find Group Policy.

Expand Computer Configuration → administrative Templates → system → installation → equipment installation restrictions.

(1) On the right, open the "Prohibit installation of devices not described by other policy settings", select "Enabled" in the pop-up window, and click the "OK" button.

(2) and then turn on "Allow devices to be installed that match the following device IDs", set to Enabled, click Show in the Options pane, and add the hardware IDs copied in step three separately.

Note: The setting of (2) will not take effect until (1) is set to Enabled, so that a USB device that is not described by the policy can be blocked.

Setup is successful without rebooting. When inserting a new Removable storage device (which has never been run on this computer), the following prompts are ejected during the installation drive to successfully block.

Note: When you need to add a new trusted mobile storage device, you can simply set the fourth step (1) to "Not Configured" or "disabled" and then reinsert the new device to enable it to start, and then add the hardware ID to (2).

Finally, the setting has the risk, the operation should be cautious.