Want to control the use of unauthorized USB devices in your network? In this guide I will show you how to disable USB ports with three different methods: Using dedicated device control software to disable USB ports, Windows Device Manager, and Group Policies through Active Directory.
With these methods you’ll be able to disable USB ports in Windows 10, Windows 7, and other Windows operating systems.
AccessPatrol is a device control software solution that protects sensitive data against theft to portable storage devices.
AccessPatrol keeps data secure by…
AccessPatrol’s central console allows you to apply security policies and run reports on your user’s USB activities from the convenience of a web browser.
The security policies are enforced by a software agent that is installed on your user’s computers. This keeps devices restricted and monitored even when the computers are taken off of the network.
Here’s an overview of AccessPatrol’s key features.
Under Device Permissions you can assign unique device control policies for specific groups of computers or users.
AccessPatrol controls a variety of peripherals, including…
Under the allowed list you can specify trusted devices that can be used on your computers.
If you need to temporarily lift device restrictions for devices that aren’t on the allowed list, you can use the access code generator.
This allows you to set a time-limited policy exemption for a specific computer. The access code generator does not require internet access to work, making it the ideal solution for travelling users and other special circumstances.
To further protect sensitive data, AccessPatrol allows you to block file transfers based on file names and extensions. This ensures that even allowed devices can’t transfer sensitive data.
AccessPatrol also includes a variety of USB activity reports to help organizations audit data transfers and peripheral device use.
These reports provide insight into…
AccessPatrol’s reports can be generated on-demand, on a set schedule, or automatically sent to your inbox to alert you of specific events.
Don’t let a preventable data leak ruin your organization. Take back control over portable storage devices with a free trial of AccessPatrol.
Get started today by visiting CurrentWare.com/Download
If you have any questions during your evaluation our technical support team is available to help you over a phone call, live chat, or email.
Thank you!
Your employees have intimate access to corporate data and knowledge of internal systems. Without proper access control measures stealing data is as simple as transferring it to a portable mass storage device such as a USB flash drive.
Flash drives are capable of storing greater than 1TB of data, which is more than sufficient for exfiltrating databases, spreadsheets, design files, and any other intellectual property that needs to be protected.
One use of Data Loss Prevention (DLP) software is blocking the copying of files to a USB flash drive. This prevents employees from using their privileged position to steal sensitive information such as trade secrets and personally identifiable information.
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.
These vulnerabilities need to be addressed as part of any insider threat management program. Click the button below to learn the best practices for protecting data during a termination and gain access to a downloadable IT offboarding checklist.
USB devices can unknowingly infect company computers with ransomware and other malicious software. Disabling USB ports protects endpoints against rogue USB devices by proactively preventing the transmission of malicious files.
Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.
In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.
These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.
They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.
Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.
At this time, AccessPatrol can track activities from the following peripherals:
This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.
Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales.
Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.
For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur.
For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol
In the overview dashboard you can review the following metrics:
Moving on to the Files Dashboard you will see…
Finally, we have the Devices Dashboard.
In this dashboard, we have…
As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.
While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious.
For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web.
Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.
Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.
Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity.
Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices.
Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.
Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.
As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.
With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in.
Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.
Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.
Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!
Hi there welcome to the CurrentWare video where today we will show you how to block employees from using USB devices at work. CurrentWare has been a leading provider of Internet restriction, employee productivity, and endpoint management software for over 15 years.
We’re excited to show you the administrative console today. In order to block employees from using USB devices at work you’d first be required to install the CurrentWare agent on each of your employee’s computers.
You can either do this by local or remote client install. Once the installation is complete the different computers and users will show up on the left side of the screen. The departments and groupings will be based on the directories that you assign for the CurrentWare console.
In this example, we have the administrator, development, marketing, and three other folders available. Once this is configured you have the ability to determine which devices are blocked or allowed using our AccessPatrol solution.
When we click into the device blocking section you can see the different devices that are available: Storage, wireless, and different ports. You have the simple ability to click into USB and choose between full access, read-only, or no access. No access would mean that no employee in that directory has access to use their USB
As you can see on the left side there are a lot more configuration options available. With the prevalence of cell phones, external hard drives, Bluetooth, and Wi-Fi, many IT departments have chosen to block these endpoints from being available for employees today.
In addition on Accesspatrol, you have the ability for device reporting. You can see the different files that are transferred between devices or if there are any block devices you have the ability to actually see which ones were plugged in.
In this example, we can see Brandon’s access of blocked devices. We’re able to see that although USB devices were blocked for Brandon he actually tried to plug in USB devices many times. AccessPatrol has many different ways to configure reports but also set up different device access for users, groupings, and departments.
We hope you found this demo useful and we’d be glad to show you more about AccessPatrol and the benefits that CurrentWare can provide by visiting CurrentWare.com. A 14-day free trial the software is also available. Thank you for watching!
Note: The above video showcases a legacy user interface for AccessPatrol. To see the most up-to-date features and interface please visit the AccessPatrol product page
AccessPatrol is a granular and easy-to-use software to disable USB ports in Windows 10, Windows 8, and Windows 7. It allows you to control access to USB devices and other peripherals based on users, computers, workgroups, and domain membership.
This level of control allows you to protect against unauthorized USB devices without blocking the legitimate use of company-controlled peripherals. That way, rather than fully disabling USB ports you can selectively control the USB devices you would like to allow.
It is also a centralized USB blocker software, allowing you to control USB device permissions for thousands of users from a single console. This makes locking USB ports for your entire workforce as easy as a few clicks.
To disable USB ports with AccessPatrol you simply need to install the CurrentWare Console on the Manager’s computer, install the CurrentWare Client on the computers that you would like to disable USB ports on, and return to the CurrentWare Console to assign USB device permissions based on user, endpoint, or workgroup.
In addition to disabling USB ports, the AccessPatrol endpoint security software can block or limit the use of the following peripheral devices. Endpoint device restrictions can be configured based on computer, user, or workgroup.
Device Class | Devices | Access Permissions |
Storage Devices | USB | Full / Read only / No access |
DVD /CD | Full / Read only / No access | |
Floppy | Full / Read only / No access | |
Tape | Full / Read only / No access | |
External Hard drive | Full / Read only / No access | |
Firewire | Full / Read only / No access | |
SD Card | Full / Read only / No access | |
MM Card | Full / Read only / No access | |
Wireless Devices | Bluetooth | Full / No access |
Infrared | Full / No access | |
Wifi | Full / No access | |
Communication Ports | Serial | Full / No access |
Parallel | Full / No access | |
Imaging Devices | Scanners | Full / No access |
Cameras, Webcams & Others | Full / No access | |
Others | Printers | Full / No access |
USB Ethernet Adapter | Full / No access | |
Sound Cards | Full / No access | |
Portable Devices (iPhones, Mobiles) | Full / No access | |
Network Share | Full / No access |
AccessPatrol allows you to prevent specific files from being transferred to external devices based on their filename or file extension.
By default AccessPatrol’s Block File Transfers feature will not apply these restrictions to devices that have been added to the Allow List.
If you would also like to block these file transfers to authorized USB devices you simply need to click the “Apply Block File Transfers on Allowed Devices” checkbox before applying the policy to the clients.
If you would like to disable USB ports for mass storage only (e.g. without blocking keyboards, mice, and other desired USB devices) you can do that with AccessPatrol.
By default, when disabling USB ports with AccessPatrol it will distinguish between USB mass storage devices and other peripherals such as keyboards and mice. It also provides granular control over other portable storage devices such as external hard drives, SD Cards, and mobile phones.
AccessPatrol’s ability to distinguish between mass storage and keyboards makes it the best USB mass storage device blocking software for business.
After following these steps you will be blocking USB mass storage devices while still allowing keyboards and mice to function.
With AccessPatrol’s Allowed List you can disable USB ports while still allowing specific authorized USB devices.
Administrators can use AccessPatrol’s Device Allowed List to establish a list of devices that their end-users can use on company devices, even when USB ports are disabled.
You can choose to allow devices by the following identifiers:
Device whitelisting is configured on a per-folder basis. Devices that are added to the allowed list for a given folder will apply to any computers that are in the specified folder. AccessPatrol’s allowed list supports USBs, External Hard drives, Imaging devices, and portable devices.
Note: Allowing a device by serial number is fully compatible with Windows 10. For Windows 7 or 8, some newer models of USB devices may not support this feature. Instead of allowing by serial number, it will allow all devices from the same vendor and model.
AccessPatrol can grant temporary access to blocked devices using it’s access code generator.
Administrators and authorized managers can use the generator to produce a single-use code that provides users with a set duration where the computer’s USB ports are no longer disabled by AccessPatrol.
The access code is unique to each computer that you generate for and the computers do not need to be connected to the internet to use it. So long as the CurrentWare client is installed on the employee’s computer they can be provided with temporary access to USB devices.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
If you would like to completely disable individual USB ports on a per-computer basis, you can do so with Windows Device Manager.
This method is the most cumbersome to manage when an employee needs legitimate access to authorized USB devices as you will need to manually unlock the ports from the device itself rather than using a central console.
To ensure that the employee does not manually unlock the ports you will need to ensure they do not have access to an administrator account. To re-enable the ports simply perform steps 1-5 and select “Enable device”.
If you would like detailed instructions on how to use a Group Policy Object to block employees from using USB devices you can visit this guide on the CurrentWare blog.
Although applying group policies is a useful way to control the usage of USB storage devices in an organization, there are disadvantages that should not go unnoticed.
GPO vs USB Blocking Software:
Using software to disable USB ports is critical for protecting sensitive data against theft through unauthorized USB devices. If you would like to easily manage USB device permissions in your company you can get started with a free trial of AccessPatrol USB device control software today.
Fill out the form to sign up for Catching Up With CurrentWare, a monthly newsletter with our latest articles, resources, and news.
| Thank you for Signing Up |
Download this FREE removable media policy template to help protect the sensitive data in your custody.
👉 Set data security standards for portable storage
👉 Define the acceptable use of removable media
👉 Inform your users about their security responsibilities
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |