Microsoft-Windows-Embedded-USBFilter (Industry 8.1)

7/8/2014

Review the settings and examples of the Microsoft-Windows-Embedded-USBFilter feature package for Windows System Image Manager (SIM) in Windows Embedded 8.1 Industry (Industry 8.1).

USB Filter is a USB port and device based filter that you can use to allow trusted USB devices to connect to a system. USB Filter intercepts device connect requests and allows only USB devices whose device product ID, device vendor ID, or device class ID matches one set by an administrator to be active and detectable.

If you enable USB Filter, it automatically blocks all USB device access to all ports, except for the USB devices that match the criteria specified in the permission entry lists.

USB Filter does not immediately block USB devices that are already connected when USB Filter is enabled; however, connected USB devices that do not have a corresponding entry in the permission entry list will be blocked the next time the OS enumerates the attached USB devices. Attaching or removing any USB device from a USB hub causes the OS to enumerate the USB devices on the hub.

A USB hub enables several USB devices to connect to a single USB port. You can chain several USB hubs together, so the path to a USB device can pass through several USB hubs. If a permission entry does not exist for a USB hub, USB Filter blocks all USB devices connected to that hub, even if permission entries exist for those devices.

Important

To allow a USB device to connect to the system when USB Filter is enabled, you must add permission entries for the USB device and for any USB hub that the device is connected to.

Many devices contain internal USB ports and hubs that connect to common communication devices such as a keyboard, a touchscreen, and a wireless network adapter. If you enable USB Filter and do not add permission entries for these devices, your device may become unusable after you restart the device. We recommend that, before you enable USB Filter, you initially configure USB Filter by adding permission entries for all connected devices.
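The following pre-enable check is an added example, not Microsoft code and not the USB Filter implementation. It models the hub rule described above over a constructed device inventory and reports what would be blocked at the next enumeration. The `UsbNode` type, the `audit` function, and the assumption that a permission entry is either a vendor ID/product ID pair or a class ID are all hypothetical simplifications.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UsbNode:
    name: str
    vid: str                # vendor ID (hex string)
    pid: str                # product ID (hex string)
    class_id: str           # USB class code (hex string, "09" = hub)
    parent: Optional[str]   # upstream hub name, None when on a root port

def has_entry(node, id_entries, class_entries):
    # Model assumption: an entry is a (VID, PID) pair or a class ID.
    return (node.vid, node.pid) in id_entries or node.class_id in class_entries

def audit(nodes, id_entries, class_entries):
    """Return {device name: reason} for every node that would be blocked."""
    by_name = {n.name: n for n in nodes}
    blocked = {}
    for node in nodes:
        if not has_entry(node, id_entries, class_entries):
            blocked[node.name] = "no permission entry"
            continue
        # Walk upstream: every hub on the path needs its own entry,
        # otherwise the device is blocked despite having one itself.
        hop, seen = node.parent, set()
        while hop is not None and hop not in seen:
            seen.add(hop)
            hub = by_name[hop]
            if not has_entry(hub, id_entries, class_entries):
                blocked[node.name] = f"upstream hub '{hub.name}' has no permission entry"
                break
            hop = hub.parent
    return blocked

# Constructed inventory: an internal hub feeding a touchscreen and an
# external hub, which in turn carries a scanner and a storage stick.
INVENTORY = [
    UsbNode("internal-hub", "1111", "0001", "09", None),
    UsbNode("touchscreen", "2222", "0010", "03", "internal-hub"),
    UsbNode("external-hub", "3333", "0002", "09", "internal-hub"),
    UsbNode("barcode-scanner", "4444", "0020", "03", "external-hub"),
    UsbNode("usb-stick", "5555", "0030", "08", "external-hub"),
]
ID_ENTRIES = {("1111", "0001"), ("2222", "0010"), ("4444", "0020")}
CLASS_ENTRIES = set()

if __name__ == "__main__":
    for name, reason in audit(INVENTORY, ID_ENTRIES, CLASS_ENTRIES).items():
        print(f"{name}: {reason}")
```

In this inventory the barcode scanner has its own entry but is still reported as blocked, because the external hub it hangs off has none.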

Warning

Although USB Filter settings are shown in Windows SIM, there is a known issue that causes these settings to be incorrectly implemented in an image. We recommend that you use Control Panel or DISM to turn on USB Filter and use the USB Filter WMI provider to configure USB Filter. See the following links for more information.

See Also

Reference

USBF_Filter

Concepts

Add lockdown and branding features to your image by using Windows SIM
Lockdown features