Device Control

Versioning - This is the latest version.

1 | Device Control for Windows 10 only | 9/12/2017 6:43:15 PM
2 | Device Control | 9/26/2017 6:32:05 AM


This Fixlet allows only certain USB devices on Windows 10 and denies all others. To change the allowed device hardware IDs, modify the AllowDeviceIDs\n field.

Property Details

Status: Alpha - Code that was just developed
Title: Device Control
Source: Tom Stacy
Source Release Date: 9/26/2017 12:00:00 AM
Keywords: USB, Device Control, Windows 10
Added by on 9/26/2017 6:32:05 AM
Last Modified by on 9/26/2017 6:33:44 AM
Counters: 403 Views / 1 Download



Action 1 (default)

Script Type: BigFix Action Script
// Turn on the allow list and deny installation of all other removable devices
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions]" "AllowDeviceIDs"=dword:00000001
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions]" "DenyRemovableDevices"=dword:00000001
// Allowed hardware IDs are numbered string values ("1", "2", ...) under the AllowDeviceIDs subkey
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs]" "1"="USBSTOR\\DiskUSB_2.0_USB_Flash_Drive_1100"
// Message shown to the user when a device installation is blocked
regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy]" "SimpleText"="InfoSec has prevented this PC from mounting this USB."
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.
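
To confirm on an endpoint that the values written by the action landed as intended, the following PowerShell audit can be run locally. It is an added example, not part of the original Fixlet; the $expectedIds list and the Get-RegValue helper are assumptions for illustration.

```powershell
# Added example: audit the device-installation restriction values this Fixlet sets.
# $expectedIds is an assumption: list the hardware IDs your action writes, as they
# appear in the registry (single backslash; the doubled one in the action is escaping).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$expectedIds = @('USBSTOR\DiskUSB_2.0_USB_Flash_Drive_1100')

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null to the caller) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# Both switches must be 1: allow list enabled, other removable devices denied.
foreach ($flag in 'AllowDeviceIDs', 'DenyRemovableDevices') {
    $v = Get-RegValue -Path $base -Name $flag
    if ($v -ne 1) { $findings += "$flag is '$v', expected 1" }
}

# Allowed IDs are numbered string values ("1", "2", ...) under the AllowDeviceIDs subkey.
$allowKey = Join-Path $base 'AllowDeviceIDs'
$actualIds = @()
if (Test-Path $allowKey) {
    $key = Get-Item -Path $allowKey
    $actualIds = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}
foreach ($id in $expectedIds) {
    if ($actualIds -notcontains $id) { $findings += "missing allowed ID: $id" }
}
# An extra entry silently widens the allow list, so report it as well.
foreach ($id in $actualIds) {
    if ($expectedIds -notcontains $id) { $findings += "unexpected allowed ID: $id" }
}

$msg = Get-RegValue -Path (Join-Path $base 'DeniedPolicy') -Name 'SimpleText'
if ([string]::IsNullOrWhiteSpace($msg)) { $findings += 'DeniedPolicy\SimpleText is not set' }

if ($findings.Count -eq 0) {
    Write-Output 'Device control policy matches the expected configuration.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

Because these values live under the Policies hive, a Group Policy refresh or another management tool can overwrite them, so the audit is worth repeating after policy updates.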




Comments
tstacy -
Good Idea jgstew!
jgstew -
Using the messaging as a way to offer users help to resolve this issue, like filing a ticket, would be another option.
jgstew -
I would change the messaging from "BigFix has prevented this PC from mounting this USB device." to something more like "The device security policy has prevented this PC from mounting this USB device." ... Don't give users a reason to blame bigfix for something that isn't actually due to BigFix. BigFix may have set this setting, but it could just as easily have been GPO or any other tool.