how to block usb in active directory for users or computers


after searching whole internet for a tutorial to block usb devices in active directory i found that non of them are actually work because in all of them they said to

“enable (* removable access * deny) in computer config/administrative templ

and link existing gpo to USER or OU

then run gpoupdate /force command in both server and client

and poof not working

because they point to enable usb blocking in computer config so then we shoud link gpo to comuter instead of users

while doing that make usb blocking work perfectly but also block usb for every user on that particular computer included administrators

so what to do to block usb for users instead of computer?sample just:

enable gpo in user config/ instead


also if your AD functional level is windows server 2000 the android smartphone and other portable device is still have accessable to avoid that you need to raise it to 2012 r2.

be notice with that windows xp and older mashine maybe stop working in AD




پاسخ دهید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *