Security Guide · · 5 min read

How to Block USB Drives on Windows (3 Methods)

To block USB storage devices on Windows, use Sherlock Forensics USB Blocker for per-disk IOCTL blocking that works on all Windows editions including Home. Alternatives include Group Policy (Pro/Enterprise only) and registry edits (USBSTOR service). USB Blocker is the only method that provides per-device control without enterprise tools.

Why Block USB Drives?

USB storage devices are the easiest way to steal data from a computer. An employee copies client files to a thumb drive and walks out. An attacker drops an infected USB in the parking lot and someone plugs it in. Every major compliance framework (NIST 800-171, ISO 27001, HIPAA) requires controls on removable storage devices.

Method 1: Sherlock Forensics USB Blocker (Recommended)

Sherlock Forensics USB Blocker blocks USB storage devices at the IOCTL driver level. This is lower than the file system, which means the block cannot be bypassed by formatting the drive or using alternative file explorers.

Step-by-step

  1. Download USB Blocker. Get it from our product page. Single .exe, about 10 MB.
  2. Run as administrator. The application detects all connected USB storage devices.
  3. Select and block. Choose which drives to block. Click Block. The drives become inaccessible at the driver level.
  4. Verify. Try to copy a file to the blocked drive. The operation fails immediately.

The free version handles basic blocking and unblocking. The Pro Edition ($39 one-time) adds device whitelisting by serial number, audit logging, tamper protection and silent deployment.

Method 2: Windows Group Policy

Windows Pro and Enterprise editions include Group Policy controls for removable storage:

  1. Press Win+R, type gpedit.msc, press Enter.
  2. Navigate to Computer Configuration > Administrative Templates > System > Removable Storage Access.
  3. Enable Removable Disks: Deny read access and Removable Disks: Deny write access.

Limitations: This is all-or-nothing. You cannot block one USB drive and allow another. It does not work on Windows Home edition. Any user with local admin privileges can reverse it. There is no audit trail of who changed the policy or when.

Method 3: Registry Edit

You can disable the USB storage driver directly in the Windows Registry:

  1. Press Win+R, type regedit, press Enter.
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR.
  3. Change the Start value from 3 (enabled) to 4 (disabled).
  4. Restart the computer.

Limitations: This blocks ALL USB storage devices with no exceptions. There is no per-device control. Any admin can reverse it. One wrong registry edit can break other system services. There is no logging of when the change was made or who made it.

Comparison

Feature USB Blocker Group Policy Registry
Per-device control Yes No No
Audit logging Yes ($39 Pro) No No
Tamper-resistant Yes ($39 Pro) No No
Works on Home edition Yes No Yes
Bypass difficulty High (IOCTL) Low (admin) Low (admin)

Also handling email evidence? See how to open PST files without Outlook. Opening PDFs from unknown sources? Read how to safely open unknown PDFs.

Frequently Asked Questions

Can I block USB drives but allow keyboards and mice?

Yes. Sherlock Forensics USB Blocker targets USB mass storage devices only. HID devices (keyboards, mice, webcams) are unaffected. The blocking operates at the storage class level, not the USB port level.

Does blocking USB work on Windows Home?

Group Policy (gpedit.msc) is not available on Windows Home edition. The registry method and Sherlock Forensics USB Blocker both work on all editions of Windows including Home.

Can users bypass USB blocking?

Registry edits and Group Policy settings can be reversed by any user with local admin privileges. USB Blocker Pro includes tamper protection that survives privilege escalation attempts. The blocking service cannot be stopped or modified by standard admin operations.