The ability of users to add new hardware devices to their computers creates a significant security issues for system administrators. A malicious user can potentially use a removable device with malicious software configured on it that includes an auto-run script to install malicious software on computers and steal company’s sensitive data.

Windows Vista enables system administrators an easy solution to help manage installation of unsupported or unauthorized removable devices. This hack explains how administrators can make a list of allowed devices based on Hardware IDs and prevent users from installing unauthorized devices.

To create an approved devices list:

1. Log on with administrative privileges
2. Click the Start button, type gpedit.msc and press ENTER to launch the Group Policy Object editor.
3. In the Group Policy Object, navigate to Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions.
4. Click on Allow installation of devices that match any of these device IDs.
5. On the Settings tab, click Enable to turn on the policy.

   

6. Click Show to view list of authorized devices.
7. Click Add to add a new device.
8. Enter the Hardware ID of your device. Hardware IDs are identifiers that provide the most exact match between a device and a driver package.

In order to get your device’s Hardware ID, install the device in a test environment and use the Device Manager to view the Device Details. In the property list, select Hardware IDs and copy the first value.

With the new policy enabled, apply it to the computer with gpupdate /force.