If you don’t wish to use any USB devices or USB storage devices, you can block the USB ports on your computer. In Windows 11, you can use a graphical or command-line method to do that.
Why Block USB Devices?
There are many reasons to block USB devices on Windows 11. It is possible (and relatively common) to deliver malware via a USB device. Additionally, blocking USB devices also allows you to prevent unwanted data transfers (someone trying to copy files to or from your machine). The USB Rubber Ducky is a good example a specialized USB tool designed to steal data.
If you don’t use any USB devices with your machine, it makes sense to keep the ports disabled, since this also prevents other users from using these ports on your computer. You can unblock any USB ports you want on your computer.
Block All USB Devices Using Device Manager
If you want to disable all the USB ports so no USB devices can work with your system, use the Device Manager utility. Note that this method even turns off any USB-enabled mice or keyboards. Just keep in mind that this could be a problem if you don’t have an alternative way to control your PC set up in advance.
To start, launch Windows Search (press Windows+S), type Device Manager, and open the utility. Expand the “Universal Serial Bus Controllers” section, right-click a USB port on the list, and choose “Disable Device.” Select “Yes” in the prompt.
If you don’t find the “Disable Device” option for a USB port, you’ll have to disable that port using BIOS as explained below in this guide.
Repeat the above step until you’ve disabled all the ports on the list.
From now on, when you connect a device to any USB port on your machine, your system won’t connect with that device. In the future, you can re-enable your USB ports by opening Device Manager, expanding “Universal Serials Bus Controllers,” right-clicking each port on the list, and choosing “Enable Device.”
Block USB Storage Devices From PowerShell
If you like command-line methods, you can use a cmdlet in PowerShell to block all USB storage devices on your PC. Note that other devices like keyboards and mice will still continue to work.
To start, open Windows Search (press Windows+S), type PowerShell, and choose “Run as Administrator.” Select “Yes” in the User Account Control prompt.
On the PowerShell window, type the following cmdlet and press Enter. This cmdlet changes a value in the Windows registry to prevent USB storage devices from working with your machine.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR" -Name "Start" -Value 4
After executing the cmdlet, restart your Windows 11 PC to bring the changes into effect.
In the future, you can re-enable USB storage devices on your PC by running the following command in PowerShell.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR" -Name "Start" -Value 3
Don’t forget to restart your computer after executing the command.
Block USB Storage Devices Using Local Group Policy Editor
If you’re running Windows 11’s Pro edition, you can use the Local Group Policy Editor tool to block USB storage devices. Note that this tool isn’t available in Windows 11’s Home edition.
To use it, launch the Run dialog box by pressing Windows+R, Type the following in the box and select “OK” or press Enter:
gpedit.msc
On the Local Group Policy Editor window, using the options on the left, navigate to the following path. On the right pane, double-click the item that says “All Removable Storage Classes: Deny All Access.”
Computer Configuration > Administrative Templates > System > Removable Storage Access
On the open window, at the top, select the “Enabled” option. Then, at the bottom, choose “Apply” followed by “OK.”
Close Local Group Policy Editor and restart your PC.
In the future, to unblock USB storage devices, double-click the “All Removable Storage Classes: Deny All Access” entry, choose “Not Configured,” and select “Apply” followed by “OK.” Make sure to then reboot your computer.
Block USB Storage Devices Using Registry Editor
You can tweak a value in the Windows registry to disable and enable USB storage devices. This method works on both Pro and Home editions of Windows 11.
Making accidental changes in the Windows registry can cause your system to be unstable. Therefore,
back up the registry
before making any changes and follow the instructions carefully.
To begin, launch Run by pressing Windows+R. Type the following in the box and select “OK” or press Enter:
regedit
Select “Yes” in the User Account Control prompt.
In Registry Editor, navigate to the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
On the right pane, double-click the item that says “Start.” In the open window, click the “Value Data” field and type 4. Then, select “OK.” The value of 4 tells Windows not to acknowledge any USB storage devices.
Close Registry Editor and restart your PC to bring the changes into effect.
To reverse your change and unblock USB storage devices in the future, navigate to the above path in Registry Editor, double-click the “Start” entry, type 3 in the “Value Data” field, select “OK,” and restart your PC.
If You Can’t Disable USB Ports Using Other Methods, Use BIOS
If you don’t see the option to disable USB ports in Device Manager, use your PC’s BIOS settings menu to turn off those ports. To do that, launch Settings, select System > Recovery, click “Restart Now” next to Advanced Startup, and choose “Restart Now” in the prompt.
On the Choose an Option page, select Troubleshoot > Advanced Options > UEFI Firmware Settings and click “Restart.” Each BIOS menu is different, but you’ll find an option labeled as USB or similar. On my Asus laptop, I’ll head into the “Advanced” tab, choose “USB Configuration,” and then disable the ports.
When you want to re-use the ports, you’ll have to enable them from BIOS (since you disabled them from BIOS).
And that’s how you prevent USB devices from interacting with your Windows 11 PC. If you’re concerned, there are ways to secure your webcam as well.
Source link
-
-
-
-
-
-
-
-
