USB port unlocking only for authorized devices

Christophe Peters 0 Reputation points
2025-03-12T10:28:05.14+00:00

Hello everyone,

Is it possible to unlock a USB port if a known device is connected?

Let me explain: as part of cybersecurity, our company has blocked USB ports for non-admin users (via GPO).

This prohibits devices other than keyboards and mice, such as HDDs, USB flash drives, phones, etc. This is to prevent possible malware infection.

We have a fleet of vehicles equipped with GOPRO-style cameras that film the road and the drivers' routes. They must save the recordings daily.

Is it possible, via GPO or software (I'm a developer, so if a ready-made solution doesn't exist, we could do it ourselves), to unlock the USB port only if the device's serial number or IMEI is pre-approved in the system?

Thank you for your reply.

PS: Our machines are running Windows 10, but if we need to configure one to Windows 11, no problem.


1 answer

  1. Daisy Zhou 32,436 Reputation points Microsoft External Staff
    2025-03-14T03:20:08.6133333+00:00

    Hello Christophe Peters,

    Thank you for posting in Q&A forum.

    Yes, it is possible. To achieve USB port control based on device serial numbers or IMEIs, you can leverage Windows Group Policy and Device Installation Restrictions. Here are the steps to set this up:

    1. Open Group Policy Editor:

    • Type gpedit.msc in the Run dialog (Win + R) to open the Group Policy Editor.

    2. Navigate to Device Installation Restrictions:

    • Go to Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions.

    3. Enable Device Installation Restrictions:

    • Enable the policy "Prevent installation of devices not described by other policy settings".

    4. Specify Allowed Devices:

    • Enable the policy "Allow installation of devices that match any of these device IDs".

    • Add the device IDs (serial numbers or IMEIs) of the approved devices to the list.

    5. Apply the Policy:

    • Apply the policy settings and restart the computer to enforce the restrictions.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
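
To fill in the allow list from step 4, you need the exact identifier strings Windows assigns to each camera. The PowerShell below is an added example, not part of the original answer: it lists the USB devices currently connected with their hardware IDs and instance IDs, and flags those whose serial number appears in `$ApprovedSerials`, a constructed placeholder list. It relies on the built-in `Get-PnpDevice` and `Get-PnpDeviceProperty` cmdlets.

```powershell
# Added example (not from the original answer). Lists connected USB devices
# with the identifiers that Device Installation Restrictions can match on.
# $ApprovedSerials holds constructed placeholder values; replace with your own.
$ApprovedSerials = @('EXAMPLE-SERIAL-0001', 'EXAMPLE-SERIAL-0002')

Get-PnpDevice -PresentOnly |
    Where-Object { $_.InstanceId -like 'USB\*' } |
    ForEach-Object {
        # Hardware IDs (e.g. USB\VID_xxxx&PID_xxxx) identify a model, not a unit.
        $hwIds = (Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                    -KeyName 'DEVPKEY_Device_HardwareIds' `
                    -ErrorAction SilentlyContinue).Data

        # Instance ID layout: USB\VID_xxxx&PID_xxxx\<unit-specific part>.
        $unitPart = ($_.InstanceId -split '\\', 3)[2]

        # If the device reports no serial number, Windows generates this part
        # from the port location; generated values contain '&'.
        $hasSerial = $unitPart -and ($unitPart -notmatch '&')

        [pscustomobject]@{
            FriendlyName = $_.FriendlyName
            InstanceId   = $_.InstanceId
            HardwareIds  = $hwIds -join '; '
            Serial       = if ($hasSerial) { $unitPart } else { $null }
            Approved     = $hasSerial -and ($ApprovedSerials -contains $unitPart)
        }
    } |
    Sort-Object Approved -Descending |
    Format-List
```

Run it on a machine where the camera is already installed, for example an admin workstation, and copy the strings from the output into the policy list. A camera that shows no `Serial` value cannot be told apart from other units of the same model by these identifiers.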

