Intune USB Block unable to reverse change

Kevin Halstead 26

Hi,

We are having issues reverse a USB block to a device, we have a requirement for this user to use USB. We usually block all USB access on all devices.
We added the user and device to the exception for the device profile for USB blocking but the user is still unable to use USB.

We have identified it changes the following registry key:
HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\System
Name: AllowStorageCard

We can set this and USB now works, however on reboot the settings reverse again again.

Is there anyway we can reverse this setting? I really do not want to have to rebuild the machine just for this?

Thanks.

Jaime Bricalli 11 Reputation points

2021-07-15T06:48:22.957+00:00
Did you ever fix this? We're experiencing the same issue...

I've created a OMA-URI policy to revert the block setting - it applies ok registry sets back to 0

I've excluded groups from the initial policy (tried with User and Device groups)

I've checked other USB blocking registry locations - all OK

I've checked INF USBStor driver for Access to USB storage - Access appears OK

We have an active ticket with MS but they seem to be going in circles!

Its weird, when the USB drive is blocked - Access Denied. When you revert the blockage, its 'Please insert USB' its like the users have lost permission to READ usb storage but they can LIST it as the USB drive name appears in the File Explorer after removing the block policy... Users just can't READ/WRITE to it...
Anonymous

2021-10-05T00:47:35.413+00:00

Did you ever get this resolved by Microsoft?
Steven John 1 Reputation point

2021-12-03T11:10:24.977+00:00

Hi,

Did you have any luck fixing this or was there any response from Microsoft?

We are experiencing the same issue. We can block the USB access via Intune. But when we reverse it we get 'Please insert USB' when accessing a USB drive.

Many thanks,
Manuel Perticarari 1 Reputation point

2022-08-24T21:42:13.967+00:00

We have the same issue.

Does anyone find a solution?
Jaime Bricalli 11 Reputation points

2023-03-21T12:34:56.9433333+00:00

Couple of years late but if helps someone.. Support suggested we disable the 'Storage Service' service on affected computers, this resolved the issues and USB storage access was restored.

Powershell;

Set-Service storsvc -StartupType Disabled
Stop-Service storsvc

I assume if you require the USB storage policies to work, you may need to enable the service again.
Manuel Perticarari 1 Reputation point

2023-03-23T22:36:56.31+00:00

Thanks!

I will also try this solution

6 answers

Mohamed Abdulmoez 6 Reputation points

2023-10-26T06:57:19.34+00:00
this happened to me yesterday. the solution depends on how you created the policy.

For me I have created the policy as are follows:

Endpoint Manager Intune portal https://endpoint.microsoft.com/

Select Devices > Windows > Configuration profiles > Create profile

In Create Profile, Select Platform, Windows 10, and later and Profile, Select Profile Type as Settings catalog. Click on Create button.

On the Basics tab, enter a descriptive name, such as Disable Removable Storage Write Access. Optionally, enter a Description for the policy, then select Next.

In Configuration settings, click Add settings to browse or search the catalog for the settings you want to configure.

On the Settings Picker windows, Select Storage to see all the settings in this category. Select Removable Disk Deny Write Access below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker.

The setting is shown and configured with a default value Disabled. Set Removable Disk Deny Write Access to Enabled. Click Next.

so, to reverse the change: I selected "Disable".

and then I have created a new profile with "Removable Disk Deny Write Access" enabled, and selected a device group that I want to block USB from.

and I have created another profile with "Removable Disk Deny Write Access" disabled for those I want to allow them to use USB.

It is complicated, but it works!
Please sign in to rate this answer.

0 comments No comments
Sign in to comment