Our website relies on funding from our readers, and we may receive a commission when you make a purchase through the links on our site.

How To Lockdown USB Ports

by John Cirelly - Last Updated: July 25, 2023

How To Lockdown USB Ports

We are frequently required to let another person use either our laptop or our personal computer. A person who is malicious and possesses a pen drive that is infected with viruses and other malicious files can inject these malicious files into the system, which can cause damage to the device.

Additionally, someone who is malicious can steal our important documents through the use of a pen drive. When it comes to the safety of our information, we can never take enough precautions. To safeguard our device from viruses and any other vulnerabilities, disabling the USB Ports is a very good option that we may utilize.

By preventing unauthorized devices from accessing endpoints and sensitive data, a USB lockdown program, which is also referred to as USB blocking software, can assist businesses in preventing the leakage of sensitive data. A USB blocker prevents data from being copied onto removable devices that cannot be verified, providing an extra layer of security.

And if we ever find ourselves in a situation where we need to use USB Devices through USB Ports, we can enable these ports by employing a variety of methods, such as the device manager, the registry editor, or any other third-party software.

Some of you may have encountered a situation in which the computer at your place of employment or school did not respond when you attached a USB drive to it. This is because the administrator has deactivated the USB ports; as a result, USB drives will not be recognized.

Disable USB Ports using Device Manager

Additionally, using the Device Manager to turn off the USB ports is a relatively basic process. To access the Device Manager, right-click the Start menu and select the option. Once the window has appeared, select the Universal Serial Bus controller from the menu that displays. (This is the final possibility on the list.) You also have the option to choose the uninstall option for the USB drive. If you do this, Windows will be unable to locate the drivers for the USB drive if anyone inserts one.

Through the use of Device Manager, you can disable/enable or disable the USB ports. If you want to prevent other people from accessing your computer to transfer data or if you want to utilize your USB device on the computer you use at work, then follow these instructions to disable the USB drivers on your computer:

  • Step 1: Launch the Device Manager by going to the Start menu and entering “devmgmt.msc” into the Search box.
  • Step 2: Select the Universal Serial Bus Controllers menu option with a click. You will now be presented with a list of available USB ports.
  • Step 3:With the mouse’s right button, select the USB port to either disable or enable it.

How to Disable USB Ports through the use of Group Policy

You may find a tutorial on the CurrentWare blog that will provide you with in-depth instructions on how to utilize a Group Policy Object to prevent employees from using USB devices. The guide can be accessed by clicking here.

Even while implementing group policies is a helpful method for controlling the use of USB storage devices inside an organization, some drawbacks must not be ignored and should be brought to everyone’s attention.

When using a GPO, it can be difficult for the average user to implement specific USB restrictions that apply to different departments and users. To administer at a large scale, you will also need expertise with Active Directory.

Because dedicated software for blocking USB mass storage devices is straightforward to handle, such as the AccessPatrol program, it is possible to delegate the modification of policy changes to individuals who are less knowledgeable about technology. When employing specialist software to prevent USB connections, the management of specific USB rules for particular users is simplified and made more intuitive.

How to Disable USB Ports so they can only be used with Mass Storage Devices

You can do this with AccessPatrol if you want to disable only the USB ports that are used for mass storage (for example, without limiting the use of keyboards, mice, and other USB devices that you want to use).

When you disable USB ports using AccessPatrol, the software will make a distinction between USB mass storage devices and other peripherals, such as keyboards and mice, before turning off the ports. In addition to that, it offers granular management over various portable storage devices including SD Cards, mobile phones, and external hard drives.

Because it can differentiate between mass storage and keyboards, AccessPatrol is the most effective software available for banning USB mass storage devices in a business setting.

Disable or enable a USB Drive using a Registry

If you want to try to disable a USB drive via utilizing the registry, you can do so by typing “run” into the search box (though maybe first take a look at our guide on creating a backup of your registry). Once it does, start typing regedit into the box that comes up, and the registry editor should display. When you are in the Registry Editor, navigate to the following directory:

  • Double-clicking “Start” in the pane on the right will open the “Edit DWORD (32-bit)” box for you to work in.
  • The data for the value will be initialized to “3” by default. Simply changing the “Value data” to “4” and clicking “OK” will turn off the USB storage.
  • Simply changing the value data back to “3” will (re)enable the USB storage; once this is done, the USB storage will once again be enabled.

Enable the CurrentWare Console on your computer

  • Step 1: Choose the user or computer groups that you want to have administrative privileges over.
  • Step 2: Choose Device Permissions from the submenu of the AccessPatrol tab.
  • Step 3: Select USB from the list of storage devices in the menu.
  • Step 4: In the Access Permissions section, select the level of restriction you would like (Full Access, Read Only, No Access)
  • Step 5: After clicking the Apply button, click the OK button.

If you follow these instructions, you will be able to prevent USB mass storage devices from functioning while still enabling keyboards and mice to do their jobs.

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux that puts an end to unintentional data leaks protects against malicious data theft and offers seamless control of portable storage devices. Endpoint Protector is designed to put an end to accidental data leaks, protect against malicious data theft, and offer seamless control of portable storage devices.

Its content filtering capabilities for data both while it is at rest and while it is in motion range from predefined content based on dictionaries, regular expressions, and machine learning to profiles for data protection regulations such as GDPR, HIPAA, CCPA, PCI DSS, and others. These capabilities are available for both data while it is at rest and while it is in motion. CoSoSys’s products are sold all over the world by a network of partners and resellers, as well as directly to customers via the company’s online portal.

How exactly does the Endpoint Protector function?

Endpoint Protector is a data loss prevention solution; thus, it protects your data both while it is at rest and when it is in transit.

It does this for data that is in motion by monitoring all of the points of exit and imposing restrictions on the content based on what the administrator or management of the organization has decided it should be.

Endpoint Protector’s device control module and content-aware protection module are both utilized in the process of protecting data while it is in transit. The content-aware protection module is in charge of monitoring the data that is transferred between all of the web applications, while the device control module monitors all of the peripherals that are connected to your computer system.

It performs a scan of the content that is stored on the user’s system and provides you with the ability to take any necessary corrective actions for data that is “at rest.” The scan is based on the sensitive content policies of your organization. Endpoint Protector’s eDiscovery module protects data while it is at rest.

Features and contributions of CoSoSys

CoSoSys Endpoint Protector

The CoSoSys Endpoint Protector is composed of multiple individual modules that can be combined in any way that best meets the requirements of your business in terms of data protection.

Endpoint Protector’s most important feature is its ability to control external devices. With the help of this fundamental module, IT managers can conduct real-time, remote scans of USB-attached drives as soon as those drives are linked to a protected workstation. The CoSoSys administration site is used to show data from connected devices, and the program maintains an activity log that documents all data transfers and connections made to external devices.

In addition, Endpoint Protector gives managers the ability to block data transfers to and from external devices by setting granular permissions for those transfers. The assignment of permissions can be done based on roles or for particular categories of devices.

Because these rights cannot be effortlessly moved from one operating system to another, setting them can, unfortunately, be a time-consuming process. It is also important to note that even though the permission settings are quite sophisticated, they do not enable the whitelisting or blacklisting of particular file types rather than entire devices.

Users can be compelled to encrypt data before moving it to an external drive if Endpoint Protector is used to enforce this requirement. When working with sensitive data, having this capability available is highly helpful because it eliminates, to a significant extent, concerns about the data’s security in the case that external drives are misplaced or stolen. IT administrators can change encryption requirements as well as other user rights that are connected to device control.

It is important to keep in mind that enforced encryption is not accessible on Linux computers and is only available on Windows and Mac computers at this time.

The eDiscovery function of CoSoSys examines the files that are dormant on the PCs of employees to locate confidential information. After that, IT administrators can remotely encrypt the data or delete it. This functionality is essential for compliance with HIPAA, PCI, and GDPR since it prevents sensitive data from being taken if a device is misplaced or stolen, which is a requirement of all three regulations.


You can activate or deactivate the USB ports in Windows 10 by utilizing any one of the ways described above. Endpoint Protector, made by CoSoSys, is a very potent piece of software designed for companies that need to exercise command over the flow of data into and out of their enterprises. Depending on the requirements of your company, the platform can either be quickly implemented using a pre-configured server, or it can be completely adapted to work in a cloud environment.

In addition, this company specializes in data protection and offers role-based, granular permissions for users, which can make it easier for your IT staff to manage your network. In the end, I sincerely hope that you enjoyed reading this article.

USB Ports Lockdown FAQs

How can you lockdown USB ports on a Windows computer?

You can lockdown USB ports on a Windows computer by disabling USB ports through the device manager, setting permissions and access controls through group policy settings, or using third-party software solutions.

How can you lockdown USB ports on a Mac computer?

You can lockdown USB ports on a Mac computer by setting permissions and access controls through system preferences, or using third-party software solutions.

Can USB lockdown affect other devices that connect through USB ports?

Yes, USB lockdown can affect other devices that connect through USB ports, such as printers, scanners, and external hard drives. It is important to carefully manage and configure USB lockdown to ensure that essential devices are not affected.

Can USB lockdown be bypassed or circumvented?

USB lockdown can be bypassed or circumvented by physically modifying or disabling USB ports, or by using software and hardware tools to bypass security measures. It is important to regularly monitor and assess USB security measures to ensure their effectiveness.

Can USB lockdown be used for mobile devices?

Yes, USB lockdown can be used for mobile devices, such as smartphones and tablets, by disabling USB debugging and access through settings or using third-party security solutions.

How can you manage USB devices and access in a Bring Your Own Device (BYOD) environment?

In a BYOD environment, you can manage USB devices and access by implementing mobile device management (MDM) solutions, enforcing access controls and policies, and regularly monitoring and auditing USB usage.

Can USB lockdown affect productivity or business operations?

Yes, USB lockdown can potentially affect productivity or business operations if essential devices or workflows are impacted. It is important to carefully plan and test USB lockdown measures before implementation, and to regularly monitor and assess their impact.