So I was doing some troubleshooting, answering questions, being helpful, the typical Wednesday afternoon, when I found that the policies for Removable Storage Access on Windows 10 N do not apply as expected.
The crux of the issue is that Windows 10 N does not have a media player. I think. Pretty sure that’s the break. Why would not having a media player break removable storage policies? Great question!
The GPOs I am talking about are these:
So, I think what the issue is, is that media player handling is part of the service that also manages removable storage. Since N doesn’t have a media player, it doesn’t need that service either.. I am pretty sure someone in Redmond was thinking that. Here is the services list from a Windows 10 Pro host:
The fine print says the following;
“Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.”
Ok, so N doesn’t have Windows Media Player. So the “Portable Device Enumerator Service” is not present (no, really, see, it isn’t listed below):
As a result, these policies show as enabled, but don’t apply. See I can access my CD-Rom below:
Did that, then GPUpdate /force, checked the Event Log; I can see the Machine side processing successfully. How can it do this with the service missing? I don’t know.
Shout out to Mark over at spiceworks.com for finding this and bringing it to global attention; (internet and all) GPO to block USB drives is applied, but not working.