Device Control for Windows 10 only - superseded
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is an older version.

1Device Control for Windows 10 only9/12/2017 6:43:15 PM
2Device Control9/26/2017 6:32:05 AM


This Fixlet allows only certain USB Devices and denies all others. To change Device Hardware ID's modify the AllowDeviceIDs\n field. PC can be run with or without admin rights.

Property Details

StatusBeta - Preliminary testing ready for more
TitleDevice Control for Windows 10 only
SourceTom Stacy
Source Release Date9/8/2017 12:00:00 AM
KeywordsUSB, Device Control
Added by on 9/12/2017 6:43:15 PM
Last Modified by on 9/24/2017 5:49:26 PM
Counters 583 Views / 1 Download
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.



Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
// Enter your action script here
regset "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" "AllowDeviceIDs"=dword:00000001
regset "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions" "DenyRemovableDevices"=dword:00000001
regset "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs\1"=sz:USBSTOR\DiskUSB_2.0_USB_Flash_Drive_1100
regset "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs\2"=sz:USB\VID_125F&PID_0000&REV_1100
regset "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy\SimpleText"=sz:BigFix has prevented this PC from mounting this USB device.
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Social Media:
Share this page on Yammer


Log In or Register to leave comments!
tstacy -
Good Idea jgstew!
jgstew -
Using the messaging as a way to offer users help to resolve this issue, like filing a ticket, would be another option.
jgstew -
I would change the messaging from "BigFix has prevented this PC from mounting this USB device." to something more like "The device security policy has prevented this PC from mounting this USB device." ... Don't give users a reason to blame bigfix for something that isn't actually due to BigFix. BigFix may have set this setting, but it could just as easily have been GPO or any other tool.