Who Should Use This Guide?
Benefits of Controlling Device Installation Using Group Policy
Device Installation in Windows
Group Policy Settings for Device Installation
Group Policy settings for Removable Storage Access
Requirements for completing the scenarios
Prevent installation of all devices
Prerequisites for preventing installation of all devices
Steps for preventing installation of all devices
Allow users to install only authorized devices
Prerequisites for allowing users to install only authorized devices
Steps for allowing users to install only authorized devices
Prevent installation of prohibited devices
Prerequisites for preventing installation of prohibited devices
Steps for preventing installation of prohibited devices
Control read and write permissions on removable media
Prerequisites for controlling read and write permissions on removable media
Steps for controlling read and write permissions on removable media
Logging bugs and feedback
This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. Specifically, in Windows Server 2008 and Windows Vista you can apply computer policy to:
Prevent users from installing any device.
Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.
Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.
Deny read or write access to users for devices that are themselves removable, or that use removable media, such as CD and DVD burners, floppy disk drives, external hard drives, and portable devices such as media players, smart phones, or Pocket PC devices.
This guide describes the device installation process and introduces the identification strings that Windows uses to match a device with the device driver packages available on a computer. The guide also illustrates three methods of controlling device installation. Each scenario shows, step by step, one method you can use to allow or prevent the installation of a specific device or a class of devices. The fourth scenario shows how to deny read or write access to users for devices that are removable or that use removable media.
Read more: MSDN