Prevent installation of devices that match any of these device IDs - DenyDeviceIDsRetroactive

Information

This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.

Solution

Policy Path: System\Device Installation\Device Installation Restrictions
Policy Setting Name: Prevent installation of devices that match any of these device IDs

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082/

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-7, CSCv6|13.5

Plugin: Windows

Control ID: 08cbc58094b6a1683a79509d07aadb629b76ee1cc8d2036285d17ed7d09d3273