Score:1

Block or Disable USB tethering using Windows AD GroupPolicy

For Windows-based PCs connected with Windows AD with Group Policy, we want to block USB phone tethering options. We have tried the following things, which seem to be working for some people but not for us.

We have applied a computer policy to block device installation:

System/Device Installation/Device Installation Restrictions > Prevent installation of devices that match any of these device IDs

Device ID USB\class_e0

This was described on Microsoft TechNet. I have also reviewed the process described here.

I am just not sure whether device ID USB\class_e0 is the correct one or not?

Also, I checked the hardware IDs of a few phones, and all of them have distinct IDs, like:

Device 1

  • USB\VID_22D9&PID_276A&REV_0404&MI_00
  • USB\VID_22D9&PID_276A&MI_00

Device 2

  • USB\VID_2717&PID_FF80&REV_0404&MI_00
  • USB\VID_2717&PID_FF80&MI_00

Device 3

  • USB\VID_04E8&PID_6863&REV_0400&MI_00
  • USB\VID_04E8&PID_6863&MI_00

Now, when I add the complete device ID, the policy works as expected, i.e. the device is not installed and thus USB tethering is now blocked for that particular device. Please check my current policy screenshot:

Policy settings screenshot

What is wrong, and how can I resolve this to block all devices without adding each device ID?

Obviously this setting will not work if an endpoint does not have an expected setting value, and is not a valid approach. I'm curious though, have you enabled the policy setting that disables other network adapters when connected to a domain network? I know that works with wireless, not sure what adapter type these are.

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsConnectionManager::WCM_BlockNonDomain

How can we do this https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsConnectionManager::WCM_BlockNonDomain using Group Policy?

To check if the setting is enabled, you need to use regedit and check for the registry value `HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockNonDomain`

Can this setting be enabled using group policy? If yes, how?

It IS a group policy setting.

Didn't notice that!
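
To see which hardware and compatible IDs a connected phone actually reports, whether the ID entered in the policy is among them, and what the `fBlockNonDomain` value from the comments is set to, the following PowerShell can be run on a test client with tethering switched on. It is an added example, not part of the original thread; it assumes the PnpDevice module cmdlets (`Get-PnpDevice`, `Get-PnpDeviceProperty`) are available, takes the candidate ID and vendor IDs from the question, and the function names are hypothetical.

```powershell
# Added example, not from the original thread. Function names are hypothetical.
# Values below are copied from the question.
$CandidateId = 'USB\class_e0'
$PhoneVids   = 'VID_22D9', 'VID_2717', 'VID_04E8'

function Get-DeviceIdMatch {
    param(
        [Parameter(Mandatory)][string]$CandidateId,
        [Parameter(Mandatory)][string[]]$VendorIds
    )
    # Select present devices whose instance ID contains one of the vendor IDs.
    $pattern = ($VendorIds | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -match $pattern } |
        ForEach-Object {
            $id     = $_.InstanceId
            $hw     = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_HardwareIds' -ErrorAction SilentlyContinue).Data
            $compat = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_CompatibleIds' -ErrorAction SilentlyContinue).Data
            [pscustomobject]@{
                FriendlyName  = $_.FriendlyName
                Class         = $_.Class
                Status        = $_.Status
                InstanceId    = $id
                HardwareIds   = $hw -join '; '
                CompatibleIds = $compat -join '; '
                # -contains compares strings case-insensitively in PowerShell.
                CandidateHit  = (@($hw) + @($compat)) -contains $CandidateId
            }
        }
}

function Get-BlockNonDomainPolicy {
    # Registry value named in the comments (WCM_BlockNonDomain policy).
    $key = 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
    $val = Get-ItemProperty -Path $key -Name 'fBlockNonDomain' -ErrorAction SilentlyContinue
    if ($null -eq $val) { 'not configured' } else { $val.fBlockNonDomain }
}

# One row per matching device node, including each MI_xx interface of a composite device.
Get-DeviceIdMatch -CandidateId $CandidateId -VendorIds $PhoneVids |
    Format-List FriendlyName, Class, Status, InstanceId, HardwareIds, CompatibleIds, CandidateHit

"fBlockNonDomain = $(Get-BlockNonDomainPolicy)"
```

A row with `CandidateHit = False` means the ID in the policy does not appear in that device node's hardware or compatible ID lists, which are the lists the device installation restriction is matched against.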