Disable USB in Windows

Posted on July 7, 2019 by - Windows, Windows 10

Here is how you can disable the use of USB in Windows

Windows promises a host of security options, from PINs and passwords to even fingerprint recognition in some supported laptops. More recently, Microsoft also introduced face recognition with Windows Hello. However, what many people don’t know is that there are ways you can easily bypass Windows security and access any file/folder on the hard drive as long as it isn’t encrypted.

This can be done by accessing the boot menu and installing another operating system like Ubuntu and then using that to access the hard drive. What’s more, you can even use a bootable USB to directly boot an operating system from the USB and use it to access the files on the hard drive. You can set a password on the Windows Boot Menu using our guide to prevent that from happening.

Moreover, once Windows is logged in, there are several ways you can a USB to install malicious software on the computer.

One way to keep safe is to temporarily disable the use of any USB storage device in Windows when you are not using it. Here are two ways you can do it using the built-in tools inside Windows,

Disable USB storage devices using Windows Registry Editor

You can disable the use of USB storage devices in Windows by making changes in the Windows Registry. It is basically a collection of databases that stores configuration settings for everything from the operating system to other software programs to user preferences, etc.

Windows comes with a Windows Registry Editor that allows you to make changes but the problem with this is that, if you don’t know what you are doing, you can easily end up messing with some critical system settings and cause other programs (or even the operating system) to go haywire. The best thing to do before you make any changes is to make a backup, so if you make any undesired changes, you can quickly revert back without causing any permanent harm. You can do it by using our guide over here.

To disable the USB storage devices using Registry Editor, follow the steps given below,

  1. Press START + R and type ‘regedit’ in the dialog box, then press Enter.
  2. Go to the following path, as shown in the screenshot below,
    Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
  3. In the right panel, find the key called Start and double-click it.
  4. Change the Value data and change it from to 4.

That’s it. Now, all you need to do is restart Windows and it will disable the use of all USB storage devices. Meanwhile, other USB devices like keyboard, mouse, joysticks, should still work just fine. To re-enable them, follow the same steps and in step 4, change the value data for the key back to 3.

Disable USB storage devices using Group Policy Editor

The Local Group Policy Editor (gpedit.msc) is another Windows tool that provides a single user interface through which all the Computer Configuration and User Configuration settings of Local Group Policy. You can also use it to disable or restrict access to USB storage devices.

  1. Press START + R and type ‘gpedit.msc’ in the dialog box, then press Enter.
  2. Go to the following path, as shown in the screenshot below,

    Computer Configuration > Administrative Templates > System, and select Removable Storage Access
  3. On the right panel, find these three keys,
    • Removable Disks: Deny execute access
    • Removable Disks: Deny read access
    • Removable Disks: Deny write access
  4. Double click and configure all the options, one by one. You can do it by double-clicking on an option, then select Enabled, click on Apply, and finally click on OK.

That’s it. It should disable execute, read, as well as write access for any USB storage devices. To re-enable them, follow the same steps and select the options for all the keys to Disabled.

Disable USB ports using Device Manager

Lastly, you can also use the Windows Device Manager to completely disable the USB ports on your machine. However, the drawback to this approach is that you won’t be able to use any USB devices as long as the ports are disabled. Here is how you can do it,

  1. Press START + S to open Windows Search and type Device Manager, and open it.
  2. In the list of options, find Universal Serial Bus controllers.
  3. It will display a list of all the USB ports on your machine. Simply right-click on any port and select Disable Device to disable that particular port.