How to enable write protection for USB devices on Windows 10

How-to
By Mauro Huculak
last updated

As an additional security layer, you can use this guide to enable write protection on Windows 10 to prevent users from copying data to a USB drive.

Windows 10 is the most secure version of Windows yet, but even though Microsoft has spent countless hours building new features to make computers more secure, someone can still just walk in, insert a USB drive, and walk away with sensitive data.

Of course, you can always protect your computer with a password, or set up a very strong PIN, but it's possible for someone with physical access to your machine get a hold to your sensitive data.

Fortunately, Windows 10 includes a write protection feature, which is hidden for some mysterious reason, and it allows you prevent any users from inserting a USB drive and downloading any data from your computer.

In this Windows 10 guide, we'll walk you through the steps to edit the Registry or the Group Policy editor to enable the write protection feature in the operating system to block users from saving data to a USB drive.

How to enable USB write protection using the Registry

Important: This is a friendly reminder to let you know that editing the registry is risky, and it can cause irreversible damage to your installation if you don't do it correctly. It's recommended to make a full backup of your PC before proceeding.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the registry.
  3. Browse the following path:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  4. Right-click the Control (folder) key, select New, and click on Key.
  5. Name the new key StorageDevicePolicies and press Enter.

  1. Select the newly created key, and right-click on the right side, select New, and click on DWORD (32-bit) Value.

  1. Name the new DWORD WriteProtect and press Enter.
  2. Double-click the newly created DWORD and change its value from 0 to 1.
  3. Click OK.

  1. Close the Registry to complete the task.

Once you completed the steps, anyone who connects a USB drive to your computer will be denied copy privileges, and they'll get a "This disk is write-protected" message. As a result, no one will be able to edit, delete, create, or rename files in the external storage.

At any time you can revert the changes by following the steps mentioned above, but on step 8, make sure to change the DWORD value from 1 to 0.

How to enable USB write protection using the Group Policy

Alternatively, if you don't feel comfortable modifying the Registry, and you're running Windows 10 Pro, Enterprise, or Education, you can access the Group Policy editor to deny write permissions to removable storage devices.

To enable write protection using Group Policy, do the following:

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:Computer Configuration > Administrative Templates > System > Removable Storage Access
  4. On the right side, double-click the Removable Disks: Deny write access policy.

  1. On the top-left, select the Enabled option to activate the policy.
  2. Click Apply.
  3. Click OK.

  1. Close the Group Policy editor.
  2. Restart your computer to complete the task.

Once your computer reboots, anyone who connects a USB drive will be denied access to save, edit, or delete any content from the removable storage. However, unlike the enabling write protection using the Registry, users will get the "You'll need to provide administrator permission to copy to this folder" message, but even with administrator privileges no one will be able to export data to the USB drive.

It's worth pointing out that inside of Removable Storage Access, you'll also get a number of other storage policies. For example, "All Removable Storage classes: Deny all access," which doesn't enable write protection, but it will prevent anyone from accessing any removable storage, which achieves the same result.

If you need to revert the changes, just follow the same steps, but on step 5 make sure to select the Not Configured option.

Wrapping things up

While you can enable the write protection feature on your computer to protect your data from falling on to the wrong hands, there a number of other scenarios where something like this will be useful.

For example, this feature can add an extra layer of security when implementing a kiosk machine, or when you work with sensitive data on your business, just to name a few.

Although we're focusing this guide on Windows 10, it's worth pointing out that the same concept should work on previous versions of the operating system, including Windows 8.1 and Windows 7.

Do you think Windows 10 should include this option in the Settings app? Tell us in the comments below.

Thanks @Jessicator for the alternative tip!

More Windows 10 resources

For more help articles, coverage, and answers on Windows 10, you can visit the following resources:

Mauro Huculak
Mauro Huculak

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.