Policy CSP - DeviceInstallation


DeviceInstallation policies

DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses


DeviceInstallation/PreventInstallationOfMatchingDeviceIDs

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.

If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.

If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Prevent installation of devices that match any of these device IDs
  • GP name: DeviceInstall_IDs_Deny
  • GP path: System/Device Installation/Device Installation Restrictions
  • GP ADMX file name: deviceinstallation.admx


DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

  • Device

This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.

If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.

If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Prevent installation of devices using drivers that match these device setup classes
  • GP name: DeviceInstall_Classes_Deny
  • GP path: System/Device Installation/Device Installation Restrictions
  • GP ADMX file name: deviceinstallation.admx

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.