Block USB ports with regedit and other methods in Windows

Last update: 27/08/2025
Author Isaac
  • Combines Registry, GPO and hardware to control access to USB according to your needs.
  • Policies allow you to deny read/write or all access to removable storage.
  • DevCon and lightweight utilities offer automation and speed without touching BIOS.
  • Includes rollback and troubleshooting to prevent your system from being locked out.


If you want to limit the use of external memory and USB drives on your computer, here is a complete guide to blocking USB ports in Windows with regedit and other options. You'll see methods to completely disable removable storage or limit it (read-only), along with alternatives using group policies, Device Manager, BIOS/UEFI and third-party utilities.

Before we get into the nitty-gritty, keep in mind that some methods can prevent USB peripherals such as the keyboard and mouse from working. If you're going to aggressively disable ports, consider using a Bluetooth keyboard and mouse while making changes. And be careful with the Registry: touching what you shouldn't can leave Windows unstable, so act responsibly and make a backup or restore point.

What does blocking USB ports in Windows 10 and 11 mean?

There are several ways to "block USB" and each has different effects. Changing the mass storage service (USBSTOR) from the Registry specifically blocks storage devices (USB flash drives, external drives, some SD cards), but not other USB devices such as webcams or printers. However, disabling controllers in Device Manager or from BIOS/UEFI may disable all USB ports, also affecting the keyboard and mouse.

Another approach is group policies or their equivalent in the Registry, which allow you to deny access to all removable storage classes, or to deny only read or write access on removable disks. These options are ideal for corporate or educational environments, as they are more granular and manageable.

As you can see, there is no single “magic switch.” Choosing the right method depends on whether you need to completely block the port or just prevent data from being copied to/from external drives.


Block USB storage with Registry Editor (regedit)

This method disables the service that allows Windows to mount USB storage drives. It's quick and effective, and easily reverted. However, make a copy of the registry or a restore point before starting.

  1. Press Win + R, type regedit and press Enter to open the Registry Editor. Don't touch entries you don't know.
  2. Navigate to the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor. Make sure you are on the right path to avoid errors.
  3. In the right panel, double-click Start. Change the value from 3 to 4 (hexadecimal base) and press OK. This disables USBSTOR.
  4. Restart the computer to apply the changes. USB drives will be rendered unusable (they will not be mounted).

To revert it, go back to the same path and change Start to 3, then restart. If you notice that it still doesn't work, look at the policies in the next section, as they may be denying access by another means.
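The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original article; the function names and the backup folder under %ProgramData% are assumptions, and it must be run from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: toggles the USBSTOR service start type described in the steps above.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'
$BackupDir  = Join-Path $env:ProgramData 'UsbStorBackup'   # assumed backup location

function Backup-UsbStorKey {
    # Export the key to a timestamped .reg file before any change is made.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir ("UsbStor-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\UsbStor' $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry export failed; no change was made." }
    return $file
}

function Set-UsbStorage {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Blocked', 'Allowed')]
        [string]$State
    )
    if (-not (Test-Path $UsbStorKey)) { throw "Key not found: $UsbStorKey" }

    # 4 = service disabled (drives are not mounted), 3 = the value the guide reverts to
    $wanted  = if ($State -eq 'Blocked') { 4 } else { 3 }
    $current = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start

    if ($current -eq $wanted) {
        Write-Output "Start is already $current; nothing to do."
        return
    }
    $backup = Backup-UsbStorKey
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $wanted -Type DWord
    Write-Output "Start changed from $current to $wanted (backup: $backup). Restart to apply."
}

# Usage from an elevated prompt:
#   Set-UsbStorage -State Blocked
#   Set-UsbStorage -State Allowed
```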


Deny access to all removable storage with policies (GPO)

If you're using Windows Pro or Enterprise, Group Policy is the cleanest and most centralized method. It lets you block all removable storage classes with a couple of clicks and is ideal for multiple machines.

  1. Press Win + R, type gpedit.msc and open the Local Group Policy Editor. You need administrator permissions.
  2. Navigate to: Computer Configuration > Administrative Templates > System > Removable Storage Access. This centralizes the access rules.
  3. Enable the policy “All Removable Storage classes: Deny all access”. Click Apply and OK. With that, Windows will deny access to USB flash drives, external disks, CD/DVD and other removable media.

Optionally, you can use the specific policies “Removable Disks: Deny read access” and “Removable Disks: Deny write access”. With these, the user can read but not write, or vice versa, depending on your needs.

Do the same via Registry: RemovableStorageDevices

The above directives create registry entries that you can review or manipulate manually. If you notice that, even though you've reverted other changes, Windows keeps denying access, check this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices

  1. Open regedit with Win + R and browse to the path above. If the key exists and you don't need the restrictions, you can remove it.
  2. Right-click RemovableStorageDevices and choose Delete. Confirm carefully; you are touching system policies.
  3. Close the Registry Editor and reboot. This should remove the policy blocks and re-enable USB.

Remember the warning: modifying the Registry incorrectly can cause serious problems. If in doubt, consult with IT or create a restore point first.

Restrict writing to USB drives only (read-only mode)

Another strategy is to allow the drives to be mounted but prevent data from being written, useful if you want to prevent information from being copied from your PC to a USB.

Method from Registry:

  1. Open regedit and go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies. If the key does not exist, create it with that name.
  2. Inside, create a DWORD (32-bit) value called WriteProtect with data 1 to activate write protection. With 0 you allow writing again.
  3. Restart the computer to apply. The user will be able to read, but will not be able to write or modify content on removable drives.

GPO method (Pro/Enterprise): go to Computer Configuration > Administrative Templates > System > Removable Storage Access and enable “Removable Disks: Deny write access”. It is a clean and centralized way to implement the policy.

Disable USB ports from Device Manager

If you prefer to act on logical hardware, Device Manager allows you to disable specific USB controllers. It is useful when you want to block certain ports but keep others.

  1. Press Win + X and open Device Manager. This console displays the hardware tree.
  2. Expand Universal Serial Bus (USB) controllers. You'll see hubs, controllers, and sometimes specific ports.
  3. Right click on the device you want to limit and choose Disable device. Confirm. From that moment on, Windows won't load drivers for that element.
  4. To revert, right click and Enable device. Reversal is immediate upon enabling.

Keep in mind that you can disable the keyboard or mouse by disabling the controller that manages them. Act with caution and document what you touch so you can reverse it.

Other advanced and alternative techniques

In addition to the best-known routes, there are several complementary methods which can be adjusted to more specific scenarios or corporate restrictions.

Uninstall USB Mass Storage Drivers

In shared environments (school, office), you can uninstall the “USB mass storage” drivers. When someone plugs in a memory stick, Windows will prompt them to reinstall the drivers. This is a useful barrier if the user doesn't have permission to install.

In Device Manager, under USB controllers, locate the USB Mass Storage Device, right-click it and choose Uninstall. Upon reconnecting, the system will prompt for drivers, which stops immediate access.

DevCon: Managing USB via the command line

DevCon (devcon.exe) is a Microsoft utility included in the Windows Driver Kit (WDK) that lets you list, enable, and disable devices from the console. Install the WDK to use DevCon.

  • List USB devices: devcon find usb*. This lets you identify the hardware ID of the device you want to act on.
  • Disable a specific device: devcon disable ID_DE_TU_DISPOSITIVO. Replace the placeholder with the correct ID to block that specific USB device.
  • To reverse: devcon enable ID_DE_TU_DISPOSITIVO. This reactivates the device when you need it.

DevCon is great for scripts and automation, for example applying policies at startup or logoff without manual intervention.

Deny permissions to USBSTOR installation files

If there are no USB storage devices installed on your computer yet, you can prevent their installation by denying read permissions to usbstor.inf and usbstor.pnf. It is a classic approach that blocks the installation of drivers.

  1. Open Explorer and go to %SystemRoot%\Inf. This is where the .inf driver files live.
  2. On Usbstor.inf and Usbstor.pnf, open Properties > Security. Add the target users or groups and the SYSTEM account, checking Deny: Full control.
  3. After this, users will not be able to install USB storage devices on that computer.

Caution: denying “SYSTEM” can create side effects. Document the change and try it on a test machine before rolling it out widely.

Unmount/eject drives to temporarily block their use

If you just want to prevent a drive from being used while it remains connected, you can eject it from Explorer (This PC > right-click the drive > Eject). The system will stop mounting it even though it is connected, and it will remain inoperative until you reconnect it.

Disable ports from BIOS/UEFI

Some motherboards allow you to disable USB ports at the firmware level. Consult your motherboard or computer's manual and, if the option exists, disable the desired ports from the BIOS/UEFI. It's a robust method, although more delicate and advanced; avoid touching it if you are not sure.

Physical disconnection of front ports

In PC towers, sometimes it is enough to disconnect the cable that connects the front ports to the motherboard. It is not usually viable for all ports, but it reduces unauthorized manipulation of the most accessible ones.

Third-party applications to block USB

If you prefer a solution with a low-friction interface, there are lightweight utilities that enable or disable USB with one or two clicks, without going into the Registry or BIOS. However, their design may be basic and lack advanced options.

Nomesoft USB Guard

A lightweight, easy-to-use tool to block USB devices, designed to prevent flash drive infections. It consumes few resources and is handled in very few steps, ideal for inexperienced users. On the other hand, its interface looks somewhat dated.

USB Drive Disabler

A portable application that lets you disable access to all USB ports with one click and re-enable them just as quickly. Being portable, it does not permanently install or modify the Registry and leaves no residue when removed. The downside: it offers few customization options for advanced users.


Reasons, risks and good practices

Blocking or limiting USB usage helps to protect sensitive data and the network. A simple flash drive can introduce malware or facilitate information leakage in corporate environments.

  • Prevent data theft: Unauthenticated devices are a blind spot in many enterprises.
  • Reduce infections: USB malware remains a classic attack vector.
  • Control the flow of information: Restricting read/write limits exposure.

Common causes of data loss on USB include: accidental deletion, formatting without copying, physical damage, sudden disconnections, and infections. Keep regular backups and clear policies on the use of removable media.

Remember that aggressive measures (disabling controllers, BIOS) can break peripheral operation. If you plan on a full lockdown, have alternatives like a Bluetooth keyboard/mouse and a local administrative account on hand so you can reverse it safely.

Troubleshooting and reverting changes

If, after applying changes, your computer does not recognize flash drives or USB disks, review these points before giving up:

  • In the Registry, check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor and set Start = 3 to enable. Reboot and try again.
  • Review the policy key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices. If it exists, delete it (right-click > Delete) and reboot.
  • In GPO, set “All Removable Storage classes: Deny all access” and the read/write policies to “Not Configured” or “Disabled”.
  • In Device Manager, enable any USB controller that you accidentally disabled.

If you get a denial message when connecting, or the computer doesn't react at all, a policy or the USBSTOR service is most likely still blocking access. Adjust policies and the registry first, then reboot and test again.
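To see which of the mechanisms in this guide is still in effect, the following read-only PowerShell check reports the three registry locations listed above. It is an added example, not from the original article; the function name Get-UsbBlockState is hypothetical, and the check flags policy values whose names start with Deny_, the prefix used by the Removable Storage Access policies (Deny_All, Deny_Read, Deny_Write).

```powershell
# Added example: read-only report of the registry locations this guide changes.
function Get-UsbBlockState {
    $report = [ordered]@{}

    # 1. USBSTOR service: Start = 4 means the storage driver is disabled.
    $svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor' `
        -Name Start -ErrorAction SilentlyContinue
    $report['UsbStor Start'] = if ($svc) { $svc.Start } else { 'key or value missing' }

    # 2. StorageDevicePolicies: WriteProtect = 1 makes removable drives read-only.
    $wp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies' `
        -Name WriteProtect -ErrorAction SilentlyContinue
    $report['WriteProtect'] = if ($wp) { $wp.WriteProtect } else { 'not set' }

    # 3. Policy key written by the Removable Storage Access settings.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $deny = @()
    if (Test-Path $polKey) {
        # Check the key itself and every per-class subkey below it.
        $keys = @(Get-Item $polKey) + @(Get-ChildItem $polKey -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                if ($name -like 'Deny_*' -and $k.GetValue($name) -ne 0) {
                    $deny += "{0}\{1}" -f $k.PSChildName, $name
                }
            }
        }
    }
    $report['Policy key present']   = Test-Path $polKey
    $report['Active Deny_* values'] = if ($deny) { $deny -join '; ' } else { 'none' }

    [pscustomobject]$report
}

Get-UsbBlockState | Format-List
```

A Start value of 3, WriteProtect unset or 0, and no active Deny_* values mean none of the registry-based blocks from this guide is in place, so the cause is more likely a disabled controller in Device Manager or a BIOS/UEFI setting.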

Recovering data from a USB: options and steps

When data on a USB flash drive disappears due to deletion, formatting, or corruption, it's key to act quickly: avoid writing anything new on the device so as not to overwrite. There are recovery tools such as Wondershare Recovery that simplify the process.

  1. Connect the USB drive and make sure the system detects it. If not, try other ports or a different adapter and consult USB power solutions.
  2. Open the recovery tool, choose the USB drive and press Start to perform a full scan. The scan may take several minutes depending on the size.
  3. Preview the results (photos, videos, documents) and mark the files that you need to recover.
  4. Press Recover and save to a location other than the source drive to avoid overwriting.

This type of software supports a wide variety of formats and scenarios, but remember: the sooner you attempt recovery, the better the results you'll get.
