How to restrict read/write access to external drives in ThreatLocker?
This document outlines the step-by-step process of how to restrict read/write access to external drives in ThreatLocker Dashboard.
This article is a part of our ThreatLocker How-to Guides series, Chapter 05 – Storage Control.
Introduction
External drives such as USB sticks and portable HDDs pose a risk to data security. Blocking read/write access ensures that users cannot copy files to or from these devices unless explicitly authorized.
With ThreatLocker Storage Control, you can create a policy to deny read/write access to USB storage, while optionally allowing users to submit access requests for temporary exceptions.In this article, we’ll walk through the step-by-step process to configure a policy that securely and effectively restricts read/write access to external storage devices.
Implementation
Step 1: Access the Storage Control Module
- Log in to the ThreatLocker Portal.
- Navigate to Modules > Storage Control
- Click Create Policy
Step 2: Create The Policy
- In the Details section:
- Name: Restrict Access to External Devices
- Description: Restrict read/write access to USB storage
- In the Applied To section:
- Select the target computer or computer group
3. In the Condition section:
- Access Type: Select Read/Write
- Interface Type: Select Selected Interfaces
- Choose USB to apply the policy specifically to USB storage devices.
4. In the Action section:
- Select “Deny” as the action
- Enable “Allow User to Request” to let users request temporary access if needed
- Select “Add to the top” to ensure it takes priority.
5. Once all fields are configured, click Create to save the policy
Step 3: Apply the Policy to restrict read/write access to external drives in ThreatLocker
Go back to the Policies list
- Click Deploy to activate the policy on the selected machines
Conclusion
By restricting read/write access to external USB drives, you enhance your organization’s ability to:
- Prevent unauthorized file transfers
- Reduce the risk of data loss or malware infections
- Enforce compliance with internal security policies
- Apply a Zero Trust approach, allowing only authorized access
With ThreatLocker Storage Control, you can implement strict removable media control, while still providing flexibility through the user request feature.This ensures both security and operational continuity across your environment.