My employer is introducing a policy that only a specific model of USB drive will be allowed on our IT infrastructure in the future, and I need to restrict the estate so they cannot use any others.
I have successfully tested & configured the following settings:
Allow installation of devices that match these device IDs
Prevent installation of devices not described by other policy settings
Which works to allow the approved device and block any other new ones. The problem is that any USB storage device that was installed prior to the GPO going live can still be used, unless it is explicitly uninstalled. I have confirmed this in testing across
multiple devices/reboots.
Is there any way to force all USB storage drivers to uninstall/other way around this? We have a large estate over a wide area, so it not feasible to uninstall all old drivers manually. Thanks!