WinSecWiki > Security Settings > Local Policies > Security Options > Devices > Allowed to format and eject removable media

Devices: Allowed to format and eject removable media

Like the previous setting this one is somewhat laughable as well.

You can limit this policy to 1 of 3 choices

Administrators
Administrators and Power Users
Administrators and Interactive Users

The idea of the setting is to protect against users (aka losers?) trying to move data to removable media for subsequent nefarious purposes. The first problem though has to do with how such devices normally work: MS’s Threats and Countermeasures document acknowledges “the fact that most removable storage devices will eject media by pressing a mechanical button diminishes the advantage of this policy setting.”

In addition, this policy apparently only applies to NTFS formatted removable media.

Finally, how hard would it be to tear off the cover of the device and yank out the disk or tape?

Bottom line

Again, don’t sweat this setting and move on.

Upcoming Webinars

Additional Resources

Devices

•	Allowed to format and eject removable media
•	Prevent users from installing printer drivers
•	Restrict CD-ROM access to locally logged-on user only
•	Restrict floppy access to locally logged-on user only
•	Unsigned driver installation behavior

User name:
Password:
	/ Forgot?
	Register

April 2025 Patch Tuesday	"Patch Tuesday - One Zero Day! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.