Allow Installation of a Device by Hardware ID

  • Article

Applies To: Windows Server 2008

You can use this procedure to create a list of devices that users are allowed to install. The allowed devices are identified by the hardware IDs assigned to them by the manufacturer.

This policy setting only has affect when the Prevent installation of devices not described by other policy settings policy setting is enabled. See Prevent Installation of All Devices By Default.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To allow installation of a device by hardware ID

  1. Open the Group Policy Management Editor. To do so, click Start, and then in the Start Search box, type mmc gpedit.msc.

  2. In the navigation pane, open the following folders: Local Computer Policy, Computer Configuration, Administrative Templates, System, Device Installation, and Device Installation Restrictions.

  3. In the details pane, double-click Allow installation of devices that match any of these device IDs.

  4. Click Enabled, and then click Show.

  5. In the Show Contents dialog box, click Add.

  6. In the Add Item dialog box, type the hardware ID that applies to your device.

  7. Click OK to save your changes. You can repeat steps 5 and 6 for other devices.

  8. Click OK to save the completed list, and then click OK to save the policy setting .

Additional considerations

  • This setting does not take precedence over any of the policy settings that would prevent this device from being installed.

  • To determine the hardware ID for your device, see Determine the Hardware IDs for Your Device.

  • You do not have to include more than one hardware ID for any single device. If any hardware ID in the policy matches any hardware ID associated with a device, then the installation is allowed.

  • These policy settings affect all devices, even if the device driver is staged in the driver store. This is different from the policy setting described in Allow Standard Users to Install Drivers For Devices from Specified Setup Classes, which controls whether or not a user can place a device driver package in the driver store. The policy settings in this topic work by allowing (or preventing) the Plug and Play system to enumerate and construct the necessary memory structures for the device to operate.

  • If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (https://go.microsoft.com/fwlink/?LinkId=55625).