Forum Discussion

Beitfinger's avatar
Beitfinger
Copper Contributor
May 18, 2025

Windows 11 blocks USB hardware access when launching apps from network share (UNC path)

Hi everyone,

I'm experiencing a Windows 11 security behavior that's causing issues with USB device access when launching an application from a network share (UNC path, e.g., \\Server\Builds\App.exe).

This issue is not specific to any particular USB device or application — in my case, it's a Unity-based app using the Azure Kinect SDK, but the underlying problem is that Windows 11 blocks access to USB devices entirely when the app is run over a network share.

When launched locally (from C:\), the app works perfectly and the connected device is detected as expected. But when launched from the network:

USB access is silently denied
In the case of the Kinect SDK, this manifests as a K4A_RESULT_FAILED error
Other USB hardware also seems blocked in similar scenarios
What I’ve already tried:
Mapping the UNC path to a drive letter
Adding the share to the Local Intranet zone
Enabling “Do not preserve zone information in file attachments” via Group Policy
Running the app as Administrator
Disabling Windows Defender temporarily
Checking for an “Unblock” option in file properties (not available for network paths)
Notes:
This behavior did not exist in Windows 10 — the exact same executable with the same device works fine when run from a network path on Windows 10.
Copying the application to a local path resolves the issue, but due to client requirements, the app must be launched directly from a shared server location.
What I need help with:
Is there any Group Policy, WDAC, or Smart App Control setting that can explicitly allow USB hardware access for executables launched from UNC paths?
Can Windows 11 be configured to treat a specific network path as trusted for full device and driver access?
Is this enforced by Smart App Control, Device Guard, or another Windows 11 security layer?

Any insight would be greatly appreciated. This is causing a real deployment roadblock and I’d love to hear from anyone who has worked around this type of restriction.

Thanks in advance 🙏

Application Management
configuration
deployment
device management
security

2 Replies

  • Gianmais's avatar
    Gianmais
    Iron Contributor
    May 23, 2025

    Sign your app with a trusted certificate and configure AppLocker to trust the app path. Use Group Policy to relax restrictions for your specific environment. Where possible, deploy a local copy during testing, then move to UNC once security settings are configured.

  • FlynnArcher's avatar
    FlynnArcher
    Iron Contributor
    May 21, 2025

    Windows associates security policies with the zone of the executable (e.g., Local Intranet, Internet). When you run an app from a network share, Windows may treat it as an untrusted source, leading to restrictions, especially regarding hardware access.

Resources