Bug #12685
open
New Feature #10636: Windows USB device management
Allowed / denied list of USB devices are not sent in the SyncML payload
100%
Description
Environment details
6.4.0
Prerequisites
Enrolled Windows device
- Create a Device Installation policy > Device Installation Restrictions > Prevent installation of devices that match any of these device IDs
- Add a USB hardware ID (Refer [1] to get the hardware ID) to the deny list and tick Retroactive option
- Publish the policy and check if the restriction is applied by inspecting the SyncML payload received on the device or the registry key
Description
When allowing / preventing USB devices the device does not receive the list of inputs added from the policy UI.
A diff of the expected [2] and the actual payload can be viewed here [3]
Result
USB device is not blocked by the policy
[1] - https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/manage-usb-devices-on-windows-hosts/1691477
[2] - https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#preventinstallationofmatchingdeviceids
[3] - https://www.diffchecker.com/fhMymE5M/
Updated by Navod Zoysa 16 days ago
- Due date set to 25/04/2025
- Assignee set to Ruwin Dissanayake
- Start date changed from 27/02/2025 to 18/04/2025
Updated by Ruwin Dissanayake 14 days ago
- Status changed from New to QA
- % Done changed from 80 to 100
https://github.com/entgra-proprietary/emm-proprietary-plugins/pull/168
Please check another admx policy with a list type input and for this policy the registry values can be found here in the windows registry editor "Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions"