SWIF.ai

Goal Let IT block—or later unblock—all removable-storage devices (USB flash drives, external HDD/SSD, SD-card readers, smartphones in Mass-Storage mode, etc.) on Windows endpoints with a single policy. This helps stop data exfiltration and malware sideloading.

___________________________________________________________

Device Management ▸ Policies ▸ Add Policy.

Select Windows USB Policy ▸ Configure.

(Optional) Rename or describe the policy for your environment.

Adjust the setting(s) below → Continue → assign to devices / groups → Publish.

1. Device Management ▸ Policies ▸ Add Policy.
2. Select Windows USB Policy ▸ Configure.
3. (Optional) Rename or describe the policy for your environment.
4. Adjust the setting(s) below → Continue → assign to devices / groups → Publish.

Note This control does not block USB keyboards, mice, webcams, network adapters, dongles, or charging. It targets the USBSTOR driver and Storage class GUIDs only.

When a blocked USB stick is inserted, Windows shows “Access denied” and the drive letter will not mount.

Swif Desktop displays an optional toast: “USB removable storage is blocked by your organisation.”

- When a blocked USB stick is inserted, Windows shows “Access denied” and the drive letter will not mount.
- Swif Desktop displays an optional toast: “USB removable storage is blocked by your organisation.”

Swif Inventory ▸ Device ▸ Policies tab should show Applied.

On the endpoint, run <code>Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR"</code> – value Start = 4 indicates the driver is disabled (blocked).

1. Swif Inventory ▸ Device ▸ Policies tab should show Applied.
2. On the endpoint, run <code>Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR"</code> – value Start = 4 indicates the driver is disabled (blocked).

Need assistance? Chat with us in-product or email <a href="mailto:support@swif.ai" rel="nofollow noopener noreferrer" target="_blank">support@swif.ai</a>.

<a href="https://help.swif.ai/en/articles/11526530-windows-specific-mdm-policies-available-in-swif">Swif Policy glossary</a> – see All Windows policies article for context.

Windows USB policy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Requirement	Details
Supported editions	Windows 10 or later• Pro• Enterprise• Education• SE• IoT Enterprise / LTSC
Swif Agent	v1.102+ (auto-updates)
Local rights	No end-user admin rights required; policy is enforced by the Swif MDM service

Field	Values	Effect
Block the Removable Disk	• True – disables Windows’ removable-storage class driver. Any new USB mass-storage device is rejected; existing drives are ejected.• False – allows removable drives as normal.	Policy refresh every 15 min or on reboot. No reboot needed to enable the block; a reboot is needed only if you later unblock and the device was actively in use.

Scenario	Recommendation
Sensitive laptops (finance, HR, execs)	Apply Block = True to a “No-USB” device group.
Temporary exception	Flip Block = False, wait for policy sync, ask user to reboot, then revert to True once transfer is done.
Mixed environment	Combine with Swif’s macOS/Linux USB policies for uniform posture.
Logging	Pair with the Windows Tracking Policy to log plug/unplug events for audit.

Symptom	Cause / Fix
USB still mounts after 30 minutes	Device offline – check last check-in time. Ask user to connect to VPN/Internet.
BitLocker recovery prompt appears	Expected if the drive was BitLocker-encrypted before blocking; allow user to cancel.
*Need to allow a single* authorised drive**	Current policy is global. Use Windows AppLocker or a 3rd-party DLP tool for granular whitelisting.

Windows USB policy

1 . Prerequisites

2 . Add the policy

3 . Available setting

4 . What the user sees

5 . Verify enforcement

6 . Best-practice tips ✅

7 . Troubleshooting