Restricting Removable Devices on Windows Server 2022

Question

Restricting Removable Devices on Windows Server 2022

Em 0

Hi,

I have a Windows Server 2022 and i would like to disable the access to removable disks but it doesnt seem to want to work.

Within MMC > Non-administrator policy i have set the pin 'All Removable Storage Classes: Deny all access' to enabled meaning i should not be able to have access to removable devices yet i do. Is there something else i need to set on the server?

I set this same pin on a client PC and it worked fine so I'm not sure why it isn't working on my server.

Any help is appreciated!

kapil verma 0 Reputation points

2025-10-15T15:43:54.7+00:00
To enhance security and prevent unauthorized data transfer or malware infections, you can restrict the use of removable devices (e.g., USB drives) on Windows Server 2022 through Group Policy or local policy settings.

Method 1: Using Group Policy

Open Group Policy Editor:

Press Win + R, type gpedit.msc, and press Enter.

Navigate to the following path:

Computer Configuration > Administrative Templates > System > Removable Storage Access

Configure settings:

Enable the following policies as needed: **All Removable Storage classes: Deny all access** – Prevents all read and write access. **Removable Disks: Deny read access** **Removable Disks: Deny write access** **Apply and close the editor.** **Run `gpupdate /force`** in Command Prompt to apply the policy immediately.

Method 2: Using Device Installation Restrictions (Optional)

Go to:

Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

Enable policies like:

Prevent installation of removable devices

**Prevent installation of devices not described by other policy settings**

Notes:

These settings can be applied locally or via Group Policy Management Console (GPMC) in a domain environment.

Always test policies in a controlled environment before deploying them broadly.To enhance security and prevent unauthorized data transfer or malware infections, you can restrict the use of removable devices (e.g., USB drives) on Windows Server 2022 through Group Policy or local policy settings. Method 1: Using Group Policy

Open Group Policy Editor:

Press Win + R, type gpedit.msc, and press Enter.

Configure settings:

Enable the following policies as needed:

All Removable Storage classes: Deny all access – Prevents all read and write access.

Removable Disks: Deny read access

Removable Disks: Deny write access

Apply and close the editor.

Run gpupdate /force in Command 8664742082 Prompt to apply the policy immedi

Prevent installation of removable devices

Prevent installation of devices not described by other policy settings

Notes:

These settings can be applied locally or via Group Policy Management Console (GPMC) in a domain environment.

Always test policies in a controlled environment before deploying them broadly.

2 answers

Your answer

Answer 1

Hello,

The policy "All Removable Storage Classes: Deny all access" is working correctly on your client PC because standard users are, by default, subject to these user-based policies. On a Windows Server, however, you are likely logged in as a member of the Administrators group, which can change how these policies are applied.

The most probable reason the policy isn't taking effect is that administrators are often exempt from these restrictive removable storage policies by design. This is a common security practice to ensure that admins can always perform necessary system recovery or data transfer tasks.

To resolve this, please follow this two-step verification process:

Step 1: Confirm Policy Application and Scope

The policy you configured is located under User Configuration. This means it applies to user accounts, not the computer. Its effectiveness can be overridden by a policy set in Computer Configuration or by your administrative privileges.

Step 2: Apply the Key "Administrator Exemption" Policy

To enforce the policy for administrators, you need to explicitly disable the administrator exemption. Here is the official procedure:

In the same Group Policy Object (your "Non-administrator policy"), navigate to: Computer Configuration > Administrative Templates > System > Removable Storage Access
Locate the policy named: "Removable Storage Access: Apply to administrators".
Set this policy to "Disabled". · Enabling it would apply user policies to admins (which you could also do). · Disabling it means the user policies for removable storage do not apply to administrators, which is often the default state. To enforce your rule on admins, you would actually need to Enable this.

· Start: Goal is to deny removable storage access to all users, including admins.

· Step 1: Enable "All Removable Storage Classes: Deny all access" in User Configuration.

· Step 2: Navigate to Computer Configuration and Enable "Removable Storage Access: Apply to administrators".

· Result: The user policy is now also enforced for administrator accounts.

After making these changes, run gpupdate /force from an elevated command prompt and log off and back on (or restart) for the policies to take full effect.

If this solution works for you, please feel free to mark it as "Accept Answer" 🙂

Best regards,

VP

Answer 2

VPHAN 9,355 Independent Advisor

Hi Em,

Has your issue been solved? If it has, please accept the answer so that others can benefit too. If not, is there anything I can help you with? Please let me know.

Vivian

Share via

Restricting Removable Devices on Windows Server 2022

2 answers

Your answer