In a Windows environment, virus can come from external USB Flash Drives so it could be interesting to control which devices you want to be allowed to be connected on your machines.
We will see here how to do it with group policies.
We can use two policies to manage our USB Flash Drives. Let's take a look at the main differences between them and how to set them up..
Contrary to the Prevent all removable media rule, here we can add exceptions (white list) of devices we want to be able to be used. To do that we can use the device IDs or the device instance IDs.
As seen above the previously installed USB Flash Drives will still be available despite the policies rules. So to avoid it, we need to remove the devices. To do so we have two possibility, from the Windows Device Manager Console or from the USBDview software.