Win 10 Enterprise IoT

scottman99 1 Reputation point
2021-11-01T13:39:58.027+00:00

Just purchased some HP TC's w/ Win 10 IoT LTSC. I noticed right out of the box that the Standard User account has the inability to use usb flash drives and usb-cdrom devices. Logging in as Admin I have access to everything. I looked through the GPO ad registry and see nothing configured to prevent access to the standard user account. Is this the expected outcome for the "base" user account and if so are there anyways in which to modify the image or OS to allow access for the standard user?

Windows for IoT
Windows for IoT
A family of Microsoft operating systems designed for use in Internet of Things (IoT) devices.
381 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sean Liming 4,506 Reputation points
    2021-11-01T17:08:29.37+00:00

    OEMs can customize their Windows 10 LTSC systems to lock down for security any way they see fit. HP tends to do customization to their Thin Clients that fit a specific market model. You will have to contact HP to see how to unlock the system.

    Normally, I would use GPO to lock down USB ports: https://www.annabooks.com/Articles/Articles_IoT10/Windows-10-IoT-DeviceBlock-Rev1.4.pdf , but there are some third party software solutions that can offer the same protection on a domain level. HP might be using one of these 3rd party solutions.

    0 comments
  2. scottman99 1 Reputation point
    2021-11-01T20:11:33.827+00:00

    I did reach out to HP before placing this on the forum, and of course HP tells me to get MS and to contact them directly. Always love the finger pointing back and forth. I bought 2 different models to test out with and the OS did the same for both models.

  3. Seeya Xi-MSFT 16,436 Reputation points
    2021-11-02T03:17:23.09+00:00

    Hi @scottman99 ,

    Yes. As Sean said. > OEMs can customize their Windows 10 LTSC systems to lock down for security any way they see fit.
    Please read this link below.
    https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/os-features/security#secure-boot
    Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

    Best regards,
    Seeya

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments