SOLVED

Can't restore access to USB storage device

Copper Contributor

Good evening, I have a problem restoring access to USB archive in devices managed by intune.
I insert a new user in the OU excluded from the policy that blocks USB storage device. Until now the user had access to them.
Obviously this does not restore the access, I have to do it.

I changed the registry value

HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\System\AllowStorageCard to 1

and I checked that there are no values in the key

HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevice

When I insert a USB storage the icon appears, I see that it is in FAT32 or NTFS format but if I explore the content it tells me that I have to insert a USB device.

What do I need to change to restore access to USB storage device?

8 Replies
Hi there, I have blogged about this before? Can you check your settings against the bonus tip section in this article: https://letsconfigmgr.com/block-usb-drives-microsoft-intune/

A restart is required so maybe that's the bit your missing?

Hi @perty1976! Unfortunately, like you've noticed, this configuration is tattooed on the device (it's not removed when unassigned, it just isn't enforced anymore).

 

When you say you already "changed the registry value", did you do it manually or via OMA-URI (./Device/Vendor/MSFT/Policy/Config/System/AllowStorageCard = (integer) 1)? The latter should work. It requires a restart, though.

 

 

Hi @NielsScheffers 

Thank you @Durrante  the article was one of those I referred to. 

 

When AllowStorageCard = 0  

perty1976_0-1661197011146.png

 

 
 
But when AllowStorageCard = 1 

perty1976_1-1661197011147.png

 

 

And the storage device is connected 

perty1976_2-1661197011147.png

 

 

Yes, when I change registry key I restart my notebook and I am trying with different storage devices. 

 

I change registry settings manually by regedit as local admin. 

 

Now the configuration to disable USB is for all autopilot devices but my is in a filter for exclusion and my user is in a OU in excluded group. 

best response confirmed by perty1976 (Copper Contributor)
Solution

@perty1976, I think you must use the OMA-URI method, as that is (kind of) how it was set, so the tattoo is in there. Simply changing the registry (via regedit) may not yield results.

Even with OMA-URI the result is the same.

Tomorrow I will try with another notebook. I hope it's only my notebook to have this problem!
Has there been any resolution to this? Experiencing the exact same issue
I applied the OMI-USI policy on 130 laptops and it applied correctly on more than 100. The other 30 slowly began to activate the usb ports and at the moment there are only 4 notebooks not being able to use the usb ports even if the policy has been set.
1 best response

Accepted Solutions
best response confirmed by perty1976 (Copper Contributor)
Solution

@perty1976, I think you must use the OMA-URI method, as that is (kind of) how it was set, so the tattoo is in there. Simply changing the registry (via regedit) may not yield results.

View solution in original post