CD/DVD drives are fast disappearing from modern laptops and desktops. USB ports, and by extension USB drives, are becoming the common way to transfer and back up files and to serve as installation media. If you look at the USB market, you’ll notice that the lowest storage denomination for a USB drive has also gone up. USB drives are useful, especially if they support USB 3.0, but if a drive comes from an infected system, or is itself malicious, it can infect your system when you connect it. If you like, you can disable USB drives on your system for a little extra security. Here’s how.
Disable USB Drives
You can do this on both Windows 10 Pro and Windows 10 Home. On Windows 10 Pro, you will have to go through the Group Policy Editor, and on Windows 10 Home, you need to go through the registry editor. In both cases, you need admin rights to disable USB drives.
Windows 10 Pro
Open the Group Policy editor and go to the following policy:
Computer Configuration > Administrative Templates > System > Removable Storage Access
Select the Removable Disks policies and deny both read and write access. This will prevent USB drives from connecting to your system.
Windows 10 Home
Open the registry editor and go to the following location:
Here you will see a value named Start. Double-click it to edit it. It will, in most cases, have the value 3. Replace it with 4, click OK, and close the registry editor.
When you next connect a USB drive, or any other storage media that connects via a USB port, you will not see it in File Explorer, the drive will not be able to auto-run, and you won’t be able to access it in any way.
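To confirm that either change is in place, the read-only PowerShell check below reports both settings. It is an added example, not part of the original article; the function name is hypothetical, and it assumes the Start value is the one under the USBSTOR service key and that the Removable Disks policies are stored under the RemovableStorageDevices policy key, neither of which is spelled out on this page.

```powershell
# Added example: read-only audit of the two settings described in the article.
# Assumptions (not stated on the page): the Start value lives under the USBSTOR
# service key, and the Removable Disks policies are stored as Deny_Read and
# Deny_Write under the RemovableStorageDevices policy key (removable disk GUID).

function Get-UsbStorageLockdown {
    [CmdletBinding()]
    param(
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR',
        [string]$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    )

    # Meaning of the service Start DWORD (3 is the usual default, 4 disables it).
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # Returns $null when the key or value is missing instead of throwing.
    function Read-Dword([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
        return $null
    }

    $start     = Read-Dword $ServiceKey 'Start'
    $denyRead  = Read-Dword $PolicyKey 'Deny_Read'
    $denyWrite = Read-Dword $PolicyKey 'Deny_Write'

    $driverDisabled = ($start -eq 4)
    $policyDenies   = ($denyRead -eq 1) -and ($denyWrite -eq 1)

    $startText = 'NotFound'
    if ($null -ne $start) { $startText = "$start ($($startNames[[int]$start]))" }

    [pscustomobject]@{
        DriverStart       = $startText
        DriverDisabled    = $driverDisabled
        PolicyDenyRead    = ($denyRead -eq 1)
        PolicyDenyWrite   = ($denyWrite -eq 1)
        # Blocked if the driver is disabled or both Removable Disks policies deny access.
        UsbStorageBlocked = $driverDisabled -or $policyDenies
    }
}

Get-UsbStorageLockdown | Format-List
```

A result where only one of PolicyDenyRead or PolicyDenyWrite is true means the Group Policy step was applied halfway.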
This applies only to a Windows 10 environment. If, for example, you’re dual booting Windows 10 and Linux and your Linux installation has no such restrictions in place, anyone can boot to your Linux desktop and connect a USB drive. Likewise, if you boot to your BIOS and set the first boot device to USB drives (etc.), your system will boot from it instead of from your local HDD or SSD.
The USB drive blockade only works if Windows 10 is running. If there is any other OS that you boot to on the system, it will not have the same restrictions. If you’re interested in placing the same restrictions on your BIOS, it’s better that you change the first boot device to your HDD/SSD and add a password to the BIOS to prevent unauthorized changes to it.