Intune: How to bypass USB device restrictions
Let’s assume that as an IT administrator, you deployed a configuration profile via Intune to prevent users from connecting USB devices to their computers. Everything works very well, and you’re quite satisfied with your setup. Then one day, you urgently need to copy a file from one of these computers. You don’t have Internet access to send the data via an online storage solution (OneDrive, Google Drive, etc.). On the other hand, you do have a USB device to hand. As you can see, you need a way to bypass the security set up above. In this blog post, I’ll show you how.
Resolution
You need to edit the following two registry keys below:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\System
Name: AllowStorageCard
Type: DWORD
Value: 0 for block, 1 for allow
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters
Name: StorageCardDisabled
Type: DWORD
Value: 0 for allow, 1 for block
Now you can connect the USB stick, and you’re ready to go!
Alternatively, You can wrap all this as PowerShell script and run it:
function change-registry([string]$reg, [string]$name, [int]$value) {
try
{
Set-ItemProperty -Path $reg -Name $name -Value $value -Type DWord -ErrorAction Stop
}
catch
{
New-Item -Path $reg -Force
New-ItemProperty -Path $reg -Name $name -Value $value -Type DWord
}
}
change-registry -reg "HKLM:\Software\Microsoft\Windows\CurrentVersion\StorageSense\Parameters" -name "StorageCardDisabled" -value 0
change-registry -reg "HKLM:\Software\Microsoft\PolicyManager\Current\Device\System" -name "AllowStorageCard" -value 1
Thank you for reading this article all the way to the end! I hope you found the information and insights shared here to be valuable and interesting. Get in touch with me on LinkedIn
I appreciate your support and look forward to sharing more content with you in the future. Until next time!
Reference
Originally published at https://theko2fi.github.io on October 7, 2023.