Two easy steps that would help keep your PC secure

Aug 2, 2018 11:06 GMT  ·  By

Removable drives have often been used as the main spreading method for various forms of malware, and the autorun feature that Microsoft has integrated into Windows served as the door to your data.

And while antivirus solutions have become more effective in the fight against such malware, blocking it from the moment a removable drive is plugged in to the computer, there’s a different way to avoid infections and at the same time get some extra options.

Blocking the installation of apps stored on removable drives is seen by IT admins not only as a security feature, but also as a method to block employees from deploying software they aren’t allowed to, like games or personal apps.

Fortunately, there are easy ways to just restrict the installation of programs from removable media sources, like USB drives and DVDs, and they are available for both Windows 10 Home and Windows 10 Pro.

Launching the Registry Editor from Start menu

On Windows 10 Home

Users running Windows 10 Home can employ such a restriction with the help of the Registry Editor. Of course, this involves being logged in with an administrator account, as standard accounts can’t make any changes in the Windows registry.

So the first thing to do is launch the Registry Editor. Press the Windows key + R and type regedit – as an alternative in Windows 10, you can just click the Start menu and type Registry Editor if you think this is a more convenient method.

In the Registry Editor, you need to navigate to the following path (just copy and paste the path in the address bar within the app):

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer If the location does not exist, you have to create it by right-click every previous root folder and going to New > Key. Just make sure you enter the names of the folders correctly, as shown in the path above. Once you are there, you must create a new DWORD value called DisableMedia. To do this, right-click the right pane and go to New > DWORD (32-bit) Value. Double-click the newly-created DisableMedia and in the value data field, enter 1 – the standard value, which should be 0, means app installation from removable drives is allowed. If you want to return to the default configuration, you can either input value 0 or just remove the DWORD value entirely.
This is the registry key that needs to be created

On Windows 10 Pro

The aforementioned method works on Windows 10 Pro as well, but on the other hand, IT admins have a different method to apply these settings on employee PCs without letting them make any further changes.

It all comes down to the Group Policy Editor, which can be launched by pressing the Windows key + R and typing gpedit.msc. You can also launch it by clicking the Start menu and typing Group Policy Editor.

Here, you need to navigate to the following location:

User Configuration > Administrative Templates > Windows Components > Windows Installer In the right pane, there’s a list of pre-defined policies, including one called Prevent removable media source for any installation.

Double-click it to change the default configuration – by default, it should be set to Not Configured. As the policy description explains:

“If you enable this policy setting, if a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears stating that the feature cannot be found.”

Check the option that reads Enabled and then close the window to have the new settings applied to a specific configuration. If you want to return to the original settings, you can either toggle the policy back to Not Configured or Disabled on the same computer.

The dedicated policy in the Group Policy Editor

Photo Gallery (4 Images)

Drives in Windows 10
Launching the Registry Editor from Start menuThis is the registry key that needs to be created
+1more