Help Center Home > Policies > Manage Removable Storage on Windows Devices
Subscribe to Help Center RSS Feed Subscribe to Policies RSS Feed
In the past, you were able to choose from the following two policies to manage removable storage:
- Disable CD & DVD read access: disables the device’s read access to CD and DVD drives.
- Disable USB Storage: prevents users from mounting any USB mass storage device, such as flash and USB drives.
Anew policy called Removable Storage replaces these two policies. This policy is powerful enough to disable any combination of the following removable storage classes with an associated level of access:
| Policy Option | Block Read | Block Write | Block Run | Allow Remote Access |
|---|---|---|---|---|
| CD & DVD | ✔️ | ✔️ | ✔️ | |
| Floppy drives | ✔️ | ✔️ | ✔️ | |
| Removable discs | ✔️ | ✔️ | ✔️ | |
| Tape drives | ✔️ | ✔️ | ✔️ | |
| Windows Portable Devices (WPDs) | ✔️ | ✔️ | ||
| All Classes | ✔️ | ✔️ | ✔️ | ✔️ |
The new Removable Storage policy also corrects any issues you may have occasionally seen when you applied both legacy policies to a device.
Considerations:
- If you createdeither of the legacy policies,Disable CD & DVD read accessorDisable USB Storage, they’re still in effect. However, this meansif you want to use the new Windows Removable Storage Policy, you must delete any legacypoliciesfirst.
Warning:
If you don't remove legacy policies and also create the new Windows Removable Storage policy, there's a chance that none of the removable storage policies will work and your devicesmay be vulnerable to data theft and the introduction of malware.
Deleting Legacy Policies
If you createdeither of the legacy policies,Disable CD & DVD read accessorDisable USB Storage, they're still in effect. This means you can manage them like any other policy. However, if you want to use the new Windows Removable Storage policy instead, you must delete any of these legacy policies first.
Warning:
If you don't remove legacy policies and also create the new Windows Removable Storage policy, there's a chance that none of the removable storage policies will work and your devicesmay be vulnerable to data theft and the introduction of malware.
Note:
- If you remove either of these legacy policies, you can’t recreate them. These legacy policies are no longer available in the AdminPortal. You must use the new Windows Removable Storage policy instead, which is recommended.
- If you delete legacy policies and don’t replace them with the new Windows Removable Storage policy, users can access removable media which poses risks, including data theft and the introduction of malware.
- If you aren’t usingeither of the legacy policies,Disable CD & DVD read accessorDisable USB Storage, you don’t need to follow these steps before using the newWindows Removable Storage policy.
To deletelegacy Windows removable storage policies:
- Log in to the JumpCloud Admin Portal:https://console.jumpcloud.com/login.
- Go toDEVICE MANAGEMENT>Policy Management.
- SelectDisable USB Storageor the name you gave to this policy.
- SelectDisable CD & DVD read access, or the name you gave to this policy.
- Clickdelete.
- On the Deletepolicy confirmation screen, clickcontinue.
You will see confirmation that the policieshavebeen deleted.
Creatinga Windows Removable Storage Policy
When managing removable storage on Windows, you used to have to create two separate policies - one for CD/DVD, and the other for USB. Now you can use one policy to prevent users from mounting any combination of the following removable storage classes:
- CD & DVD
- Floppy drives
- Removable disks
- Tape drives
- Windows Portable Devices (WPD)
After you create the policy, apply it to a device, and reboot the device, then the policy takes effect. Whena user attaches a type of removable storage that your policy blocks, the device won't respond. This means the storage won't appear on the user's desktop or be listed in Device Manager.
Note:
- If you createdeither of the legacy policies,Disable CD & DVD read accessorDisable USB Storage, they’re still in effect. If you want to use the new Windows Removable Storage policy, you must delete any legacypoliciesfirst.
- If you don’t remove legacy policies and also create the new Removable Storage policy, there’s a chance that none of the removable storage policies will work and your systems may be vulnerable to data theft and the introduction of malware.
Warning:
- To apply a policy to a device, it must be running on a supported OS.Before you assign a policy, you can follow the instructions in Assign a Policy to a Device.
- To apply a policy to a group of devices, you must define device groups. Before you assign a policy, you can follow the instructions inCreate a Device Group.
To create a Windows removable storage policy:
- Log in to the JumpCloud AdminPortal:https://console.jumpcloud.com/login.
- Go toDEVICE MANAGEMENT>Policy Management.
- Click (+).
- On the Configure New Policypanel, selectWindows.
- Scroll down to findRemovable Storage, clickconfigure.
- InPOLICY NAMEyou cantype in a new title if necessary.
- InSettings, select the options that apply to your fleet needs.
- To apply the policy to one or more devices, select theDevicestab. Next toDeviceName, select the options for all the devices where you want to apply this policy.
- To apply the policy to a defined group of devices, select theDevice Groupstab. Next toDeviceGroup Name, select the options for all the groups where you want to apply this policy.
- Clicksave policy.
- Restart all devices where you applied the removable storage policy.
Viewing the Windows Policy Status
After a policy is created and saved, it may take a few minutes for the policy to be enforced on the device. When the policy is running, you can view its status to determineif the policy has been successfully applied or it it requires your attention.
To view the policy status:
- Log in to the JumpCloud Admin Portal:https://console.jumpcloud.com/login.
- Go toDEVICE MANAGEMENT>Policy Management.
- Click theRemovable Storagepolicythat you just created.
- ClickStatus.
- To see the last Result Log for a device where this policy is applied, in the results list next to a device, clickView.
Note:
If any errors occur, they are listed in Exit Status. If you have an Exit Status of 0, no errors have occurred when applying or enforcing this policy.
Deletinga Windows Removable Storage Policy
There areseveral ways you can permit users to access removable storage devices after creating a policy to block access:
- If you want to allow users on a specific deviceto access storage devices, you can remove that device from the policy without removing the policy itself.
- You can also remove groups of devices from thepolicy without removing the policy itself.
- To allow all Windows devices managed by JumpCloud to access removable storage devices, you can remove the policy completely.
Warning:
Remember that allowing users access to removable media poses risks, including data theft and the introductionof malware.
To allow access to Windows removable storage:
- Log in to the JumpCloud Admin Portal:https://console.jumpcloud.com/login.
- Go toDEVICE MANAGEMENT>Policy Management.
- If you want to remove devices from the policy, clickRemovable Storageor the name that you gave this policy.
- Go toDEVICE MANAGEMENT>Devices. Clear the options for all devices that you want to remove. Clicksave policy.
- If you want to remove groups from the policy, clickRemovable Storageor the name that you gave this policy. Select theDeviceGroupstab. Clear the options for all groups that you want to remove. Clicksave policy.
- If you want to completely remove the policy, selectRemovable Storage, or the name you gave to this policy. Clickdelete. On the Delete Policy confirmation screen, clickcontinue.
Back to Top
In this Article
In this ArticleLearn More
Learn MoreCreate a Disable USB Storage Policy for Linux
Still Have Questions?
If you cannot find an answer to your question in our FAQ, you can always contact us.
Submit a Case
