[PowerShell] Enable/Disable access to removable storage

wrote a script for a customers network administrator to enable and disable access to removable storage. In the example below I used the registry keys for the Removable Disks: Deny write access and Removable Disks: Deny read access Group Policy Objects. It is easier to fix this with Group Policy if the computers are domain joined, you can set the policy in Computer Configuration > Administrative TemplatesSystem > Removable Storage Access.

removablestoragegpo

Note: The script below is only tested on Windows 10, version 1511. Use it as reference for your own environment.

Download: Block-USB.zip 1.2 KB ( 1269 bytes )
SHA256: ed87ea7332df0a8dada6d902790d15b2e753f65cef0bb9463156ad0953af37bb
VirusTotal: link

removablestorageps

  • benna

    Doesn’t work, it auto-shuts-down and debugger says “No parameter used, use -Enable or -Disable at the command line”

    Really needed this.

    • Felipe Santos

      Actually this means it’s working and you must pass a parameter to see it working as you intend.

      To do this:
      – Open up powershell as an administrator.
      – Go to the script location
      – Open the script by writing it’s name in the prompt
      – Before you hit “enter” you need to pass a parameter, to do so, it’s like that “.script.ps1 -enable or .script.ps1 -disable”

      PS: First you have to be sure to set execution policy to RemoteSigned or Unrestricted (if you know what you’re doing).

      To do so, is very simple:

      – Open powershell as an administrator
      – Enter this command (without the quotes) “set-execution policy RemoteSigned”
      – Then hit the letter A

      I hope this can help you.

  • Felipe Santos

    Hi BVUCINEC.

    Thank you for your script.

    It worked but I needed to gpupdate after enabling and disabling the policie.

    Any thoughts about that?