How to Disable USB Flash Drives and Other Removable Storage in Windows

USB flash drives and other removable storage devices can pose security risks, especially in corporate environments. Disabling USB access is one way to prevent unauthorized data copying and malware intrusion. This guide explores several methods to block USB flash drives and other removable storage on Windows.

Method 1: Disabling USB Devices via Local Group Policy Editor

This method is available for Windows Professional, Enterprise, and higher editions:

  1. Press Win + R and type gpedit.msc to open the Local Group Policy Editor.
  2. Navigate to: Computer Configuration -> Administrative Templates -> System -> Removable Storage Access.
  3. Find the option Removable Disks: Deny read access and double-click it.
  4. Select Enabled and click OK.
  5. To fully block access, you can also enable the Deny read access and Deny write access options for other device types (CD/DVD, floppy disks, etc.).

After completing these steps, the computer will not be able to read data from USB drives. To restore access, change the settings back to “Not Configured.”

Method 2: Blocking USB Ports via the Registry

You can use the Registry Editor for more flexible settings, available on all Windows editions. It's recommended to create a system restore point before editing the registry.

  1. Press Win + R and type regedit to open the Registry Editor.
  2. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR.
  3. Find the Start parameter and double-click it.
  4. Change the value to 4 (default is 3).
  5. Click OK and close the Registry Editor.

After restarting the computer, USB access will be blocked. To restore it, simply change the Start value back to 3.

Method 3: Using Third-Party Software

There are numerous third-party applications that allow flexible control over USB and other removable storage access. Programs like Endpoint Protector and USB Block provide extensive management options for port access and help prevent unauthorized data copying.

Method 4: Using Windows Defender and Security Policies

Windows also allows security policy configuration through Windows Defender and its advanced features. This requires configuring device management within Endpoint Protection policies, available to users of Microsoft Intune and Defender ATP.