Microsoft Adds Group Policy Controls over Windows 10 Device Installs
Microsoft on Wednesday described a newly added capability for IT pros overseeing Windows 10 machines, permitting them to block or allow device installations via Group Policy settings.
The capability is called the "apply layered Group Policy" by Microsoft. IT pros can use it to control device installations generally, or they can specify which devices to permit or block. Organizations might use these policies to block end users from installing USB-based devices on Windows 10 machines, such as printers or thumb-drive storage devices, which may be conceived as security risks.
The new Group Policy feature for controlling device installations on Windows 10 machines is available now at the preview stage for organizations that opted to install the July Windows 10 optional "C"-week updates. C-week updates, which are preview releases, arrive on the third Tuesdays of each month (July 20, 2021, in this case).
However, Microsoft is aiming to release this capability more broadly for use with Windows 10 machines during August's "update Tuesday" release. Update Tuesday releases are deemed production-environment ready releases by Microsoft. They are scheduled for release on the second Tuesdays of each month. This month's update Tuesday release is expected to occur on Aug. 10.
Group Policy controls over device installations also will be coming to Windows 11, plus Windows Server at some point, Microsoft's announcement promised.
The "apply layered Group Policy" feature possibly is so named because it takes advantage of the "class, device ID and instance ID" aspects of Microsoft's Plug and Play mechanism, which is used to automatically find and install device drivers. The concept is explained in this "Manage Device Installation with Group Policy" document, dated July 5.
The document outlined the various scenarios where IT pros may want to restrict or permit device installations. Blocking the installation of USB thumb drives can be used as a possible security precaution to keep people from copying company data, it explained.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.