Prevent Installation of a Device by Hardware ID

  • Article

Applies To: Windows Server 2008

You can use this procedure to prevent installation of any device that matches a specified hardware ID.

You can choose any of the hardware IDs that apply to a device, from the very specific to the very general. If you choose a more general ID, then you prevent installation of an entire set of devices, rather than just one device.

If this policy is enabled, in addition to preventing installation of the affected devices, it also prevents users from updating the device drivers for already installed devices that match the policy setting.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To prevent installation of a device with a specified hardware ID

  1. Open the Group Policy Management Editor. To do so, click Start, and then in the Start Search box, type mmc gpedit.msc.

  2. In the navigation pane, open the following folders: Local Computer Policy, Computer Configuration, Administrative Templates, System, Device Installation, and Device Installation Restrictions.

  3. In the details pane, double-click Prevent installation of devices that match any of these device IDs.

  4. Click Enabled, and then click Show.

  5. In the Show Contents dialog box, click Add.

  6. In the Add Item dialog box, type the hardware ID for your device.

  7. Click OK to save your changes. You can repeat steps 5 and 6 for other devices.

  8. Click OK to save the completed list, and then click OK to save the policy setting.

Additional considerations

  • You do not have to include more than one hardware ID for any single device. If any hardware ID in the policy matches any hardware ID associated with a device, then the installation is prevented.

  • To determine the hardware ID for your device, see Determine the Hardware IDs for Your Device.

  • To prevent this policy from affecting a member of the Administrators group, see Allow Administrators to Override Device Installation Restriction Policies.

  • This policy setting takes precedence over any other policy settings that allow a device to be installed. If this policy setting prevents a device from being installed, the device cannot be installed or updated, even if it matches another policy setting that otherwise allows installation of that device.

  • If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (https://go.microsoft.com/fwlink/?LinkId=55625).