Microsoft Releases Layered Group Policies for Allowing Remote Devices

Microsoft gives system administrators the ability to manage connected hardware on devices within Group Policies. Layered Group Policies allow administrators to control which devices can and cannot be installed.

Layered Group Policies give system administrators the option of approving or blocklisting the installations of internal and external devices in various ways. Devices are given different identifiers; a class, device ID and an instance ID. System administrators can then create an allow list of which devices with those identifiers are or are not allowed on a network.

Microsoft says the feature is very intuitive for system administrators. The company gives the example of USB devices, a separate class. “With this new policy, administrators don’t need to know which different device classes there are if they just don’t want to install usb classes. The new policy ensures that you can create your script based on usb classes without automatically blocking other classes .” The policies are also placed in a hierarchical structure with the new policy so that devices always follow the same access or block structure.

The feature to enable layered Group Policies is in the C release of Windows 10 that is now out, Microsoft says. It will be more widely available in the August update of the operating system. ‘Later’ will follow a Windows Server release, although Microsoft does not give a date for this. The feature is also coming to Windows 11.