我需要在我的 Windows 10 主机 (21h1) 上仅允许特定的 USB 媒体。
gpo 配置:
GPO_LocalMachineRegistryKeySet "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions"
“DenyUnspecified” "DWORD:1" GPO_LocalMachineRegistryKeySet
“Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions” "DenyRemovableMedia
“DWORD:1”
第一步,USB 设备不可见。我将设备添加到白名单中
GPO_LocalMachineRegistryKeySet "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs"
“*”`“DELETEALLVALUES”
GPO_LocalMachineRegistryKeySet "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs"
“1”`“SZ:USBSTOR \GenDisk”
GPO_LocalMachineRegistryKeySet "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs"
“2”`“SZ:STORAGE \ VOLUME”
gpupdate.exe /force
然后我插入我的 USB 密钥。USB 密钥可见并已安装。但如果我从白名单中删除 USB 密钥条目并再次拔出/插入 USB 密钥,密钥仍然可见
谢谢