
USB Write Blocking via GPO

Overview

This guide shows how to configure USB write blocking on Windows systems using Local Group Policy. Write blocking prevents unauthorized data transfer to USB devices and is especially useful when mounting drives to forensically image them.

Prerequisites

A Windows system compatible with Group Policy and administrative access to the Local Group Policy Editor.

Usually, any Windows edition that is Professional or higher will have GPO capabilities. This includes:

  • Windows 10 Pro
  • Windows 10 Enterprise
  • Windows 11 Pro
  • Windows 11 Enterprise
  • Windows Server editions

Steps

  1. Open the Group Policy Editor:

    • For Local Group Policy: Press Windows + R, type gpedit.msc, and hit Enter.
    • For Active Directory Group Policy: Press Windows + R, type gpmc.msc, and hit Enter.
      • Edit a policy object or create a new one.
      • You must be on a machine with Remote Server Administration Tools installed.
  2. Navigate to the following path: Computer Configuration -> Administrative Templates -> System -> Removable Storage Access

  3. In the right pane, find the policy named Removable Disks: Deny Write Access

  4. Double-click on the policy to open its properties.

  5. Select the Enabled option to enable write blocking for removable disks.

  6. Click OK

  7. Reboot the computer for the changes to take effect.

  8. Test the changes to ensure that write access to USB devices is blocked.

    • Insert a USB drive and try to copy files to it. You should receive an error message indicating that the operation is not permitted.
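
A read-only way to script the check in step 8 before any evidence drive is attached, as an added PowerShell example that is not part of the original guide. It assumes the registry value Windows stores for this policy (Deny_Write under the RemovableStorageDevices policy key); Test-RemovableWriteBlock is a hypothetical helper name.

```powershell
# Pre-flight check for "Removable Disks: Deny Write Access".
# Read-only: this script writes nothing to any drive.

# Assumption: registry location backing the policy (removable disks class GUID).
$ClassGuid = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$ClassGuid"

function Test-RemovableWriteBlock {
    param([string]$Path = $PolicyKey)

    # A missing key or value means the policy is Not Configured or Disabled.
    $item  = Get-ItemProperty -Path $Path -Name 'Deny_Write' -ErrorAction SilentlyContinue
    $value = if ($item) { $item.Deny_Write } else { $null }

    [pscustomobject]@{
        PolicyKeyPresent = Test-Path -Path $Path
        DenyWrite        = $value
        WriteBlocked     = ($value -eq 1)
    }
}

$result = Test-RemovableWriteBlock
$result | Format-List

if ($result.WriteBlocked) {
    # The value shows the policy is configured; the guide still requires a
    # reboot after enabling it before relying on the block.
    Write-Output 'Deny_Write = 1: policy is configured.'

    # Show removable volumes that are already mounted and will be affected.
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' } |
        Select-Object DriveLetter, FileSystemLabel, FileSystem, Size
}
else {
    Write-Warning 'Deny_Write is not set to 1. Do not attach evidence media yet.'
}
```

Run it after the reboot in step 7 and again at the start of each imaging session, since a later policy refresh or a different GPO can change the setting.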