Company logoHelp Center
Visit www.threatlocker.com

Blocking and Permitting USB Drives

4 min. readlast update: 06.09.2025

Table of Contents

Blocking USBs | Permitting USBs | Permitting a USB Drive by Serial Number

Deciding what you would like to lock down in your environment and how you would like to lock down your environment is a vital part of achieving optimum security. Within this scope falls the use of USB drives. Managing and addressing USB drives is essential to security as they are a potential threat to corporate data. There are some instances in which you might need to authorize using USB drives. Here we will cover our bases, demonstrating how to block and permit USB drives. 

Blocking USBs

In this example, we are creating the Deny Policy at the group level. First, navigate to the ‘Modules’ dropdown using the left-hand side of the page. Select ‘Storage Control’ from the list of modules. 

Picture 

Within the ‘Storage Control’ page, select the ‘+ New Policy’ button from the top left corner of the page. 

Picture 

Selecting this button will open the ‘Create Storage Policy’ side panel. 

Picture 

In the ‘Details’ section, start by inserting the ‘Policy Name’ of the application. You can optionally enter a description to denote what the policy is doing within your organization. 

Picture 

In the ‘Applies To’ section, you can select the level at which this policy is placed. You can choose between the entire organization, global groups, computer groups, or individual computers. For this example, we will be selecting 'Workstations'.

Within the ‘Conditions’ section, select ‘Read/Write’ and ‘Selected Interface’. Under the ‘Selected Interface’ portion, a dropdown will appear. Select ‘USB’ from the list of options. 

Picture 

Within the ‘Actions’ section, you will notice that ‘Permit’ has automatically been selected. Choose ‘Deny’ to deny access to using USBs. You can optionally allow users to request access, meaning they can retain access to ThreatLocker prompts that will permit them to send requests for USB access to the ‘Approval Center’. 

Picture 

Once you have made all changes, select the ‘Create’ button at the bottom of the page. 

Picture 

Select the ‘Deploy Policies’ button found in the top right corner of every page once you have created the policy. 

Picture 

Within 60 seconds, all USB Storage Devices within the selected group will be blocked. 

Permitting USBs

For this example, we will permit all USB drives on an individual computer. Start by navigating to the ‘Modules’ dropdown on the left-hand side of the page. From here, select the ‘Storage Control’ option. 

Picture 

Select the ‘+ New Policy’ button found in the top left side of the page. 

Picture 

Selecting this button will open the ‘Create Storage Policy’ side panel. 

Within the ‘Details’ section, insert the name for the Policy you are creating; you can also optionally enter a description. 

Picture 

Using the ‘Applies To’ section, you can use the dropdown menu to select where this policy will be applied. For this example, we will only be permitting the USB device on one user's computer.

 

Within the ‘Conditions’ section, select ‘Read/Write’ and ‘Selected Interface’. Under the ‘Selected Interface’ portion, a dropdown will appear. Select ‘USB’ from the list of options. 

Picture 

The ‘Actions’ section is set to permit by default. Make sure that this is selected. Additionally, you can optionally not have it logged within the Unified Audit. 

Picture 

Once all your changes have been set, select the ‘Create’ button at the bottom of the page. 

Picture 

Select the ‘Deploy Policies’ button found in the top right corner of every page once you have created the policy. 

Picture

Within 60 seconds, all USB drives will be permitted on the specified computer. 

Permitting a USB Drive by Serial Number

To permit a USB drive by serial number, you must define a Device within Storage Control. Using the left-hand side of the page, select the ‘Modules’ dropdown, then select ‘Storage Control’ from the list. 

Picture 

Once on the 'Storage Control' page, select the '+ Storage Device' button in the top left corner.

Picture 

This will open the ‘Create Storage Device’ side panel. You can define this storage device and enter its serial number here. 

Picture 

After defining your storage device, you can add it to a new policy. 

  • Navigate to Modules > Storage Control. 

  • Select ‘+ New Policy'

  • Name your policy and set the level where you want to allow this. 

  • Under Conditions, set the access to Read or Read/Write. 

  • Under Selected Storage Devices, select your defined Storage Device 

Picture 

  • Under Actions, ensure that this is set to Permit. 

  • Create and deploy policies. 

To find your device’s serial number, you can view this within the Unified Audit under “Additional File Details”, labeled in yellow as “S/N” 

Picture 

Additionally, the SerialNumber can be found locally on your Windows machine using Windows Management Instrumentation (WMI). By using ‘PowerShell’, you can enter the following command and receive information about the disk drive on your system: 

Get-WmiObject Win32_DiskDrive | select Model, Name, InterfaceType, SerialNumber 

The command will display the model, name, interface type, and serial number for you. 

Some storage devices may also physically contain their serial numbers.

For more information about creating Storage Control policies, see our ThreatLocker University course, Storage Control.

Was this article helpful?