A Utility of Policies, that is not normally used and is easy to set up, we could regulate the hardware that users connect to machines by using an Active Directory GPO, controlling for example the use of USB devices.

The first thing will be to identify the hardware ID that we will be interested in allowing, from the 'Details' tab’ of any device we will see its identifiers.

We'll create a GPO, in 'Administrative templates'’ > 'System’ > 'Installation of devices’ > 'Device installation restrictions', We will have different policies to allow or prevent the installation of devices that match a list of identifiers that we will configure.

Apart from, we can configure personalized 😉 messages

This will disable all new device installation on computers, we should take into account that if a USB device has already been connected by users, he will have installed his drivers and therefore can continue to use it; unless we manually uninstall them or block those Ids.

With the 'Start' log entry’ To value '4’ in 'HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesUsbStor’ we can force all USB devices to be used wherever we apply it. If we have Windows 2000 or XP, we will be able to remove permissions from the 'Users’ in the USBSTOR files. NFP and USBSTOR. INF.