PowerShell: Find USB Storage Devices

Most Administrators know that you can use a GPO to disable the ability to use USB storage devices on Windows computers. So you look up the instructions and implement the policy, but how do you know if it’s working?

I’m sure you made a test OU while you were working out the best option for your situation, but if you are disabling access for security reasons you’ll need a report. There are a few ways that you could go about getting the data. I like PowerShell. The code below will search your domain computers for USB storage. You should be aware that savvy users can use online tools to fool detection. As always, use at your own risk.

# Author: kevin-trent@hotmail.com; https://techbloggingfool.com
# Get-UsbStorage.ps1
# Uses WMI to retrieve actively attached USB storage devices from all domain workstations.
# Run from a Domain Controller or a domain-member computer with the RSAT tools installed.
# Requires WinRM be enabled on workstations. See https://docs.microsoft.com/en-us/windows/win32/winrm/portal

Import-Module ActiveDirectory

Function USBDisks {
    # Enabled, non-server computer accounts; keep only the DNS host name.
    $Computers = Get-ADComputer -Filter 'OperatingSystem -notlike "*server*" -and Enabled -eq "true"' -Properties DNSHostName |
        Select-Object -ExpandProperty DNSHostName

    Foreach ($Computer in $Computers) {
        # DriveType 2 = removable disk; a null Capacity means no media is present.
        Get-WmiObject Win32_Volume -ComputerName $Computer |
            Where-Object { ($_.DriveType -eq 2) -and ($_.Capacity -ne $null) } |
            Select-Object @{n="Computer";e={$Computer}},
                @{n="Drive Letter";e={$_.Caption}},
                @{n="Label";e={$_.Label}},
                @{n="Capacity(GB)";e={"{0:N2}" -f ($_.Capacity/1GB)}},
                @{n="FreeSpace(GB)";e={"{0:N2}" -f ($_.FreeSpace/1GB)}},
                @{n="Pagefile Detected";e={$_.PagefilePresent}}
    }
}

# Sort by computer name and write the report to the current user's Documents folder.
$report = USBDisks | Sort-Object Computer
$report | Export-Csv $env:userprofile\documents\USBDisks.csv -NoTypeInformation
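
The script above filters Win32_Volume on DriveType 2, which covers flash drives; USB hard disks usually report as fixed disks (DriveType 3) and are skipped, and a computer that cannot be queried leaves no row in the CSV. The following is an added example, not the author's code (Get-UsbDiskDrive is a hypothetical name): it selects disks by bus type through Win32_DiskDrive and records query failures, assuming WinRM is enabled on remote targets.

```powershell
# Added example, not part of Get-UsbStorage.ps1. Get-UsbDiskDrive is a hypothetical name.
# Assumes WinRM is enabled on remote computers, as the original script header requires.
function Get-UsbDiskDrive {
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($Computer in $ComputerName) {
        $row = [ordered]@{ Computer = $Computer; Status = $null; Model = $null
                           'Size(GB)' = $null; 'Drive Letters' = $null }
        $session = $null
        try {
            # Local machine: DCOM session. Remote machine: WSMan (WinRM) session.
            $target = @{}
            if ($Computer -notin $env:COMPUTERNAME, 'localhost', '.') { $target.ComputerName = $Computer }
            $session = New-CimSession @target -ErrorAction Stop

            # Select by bus type, so USB hard disks that Win32_Volume reports as
            # fixed (DriveType 3) are listed alongside flash drives (DriveType 2).
            # A null Size means no media is present (for example an empty card reader).
            $disks = @(Get-CimInstance -CimSession $session -ClassName Win32_DiskDrive -Filter "InterfaceType='USB'" -ErrorAction Stop |
                Where-Object { $_.Size })

            if ($disks.Count -eq 0) {
                $row.Status = 'No USB disk attached'
                [pscustomobject]$row
            }
            foreach ($disk in $disks) {
                # Walk disk -> partition -> logical disk to recover the drive letters.
                $letters = $disk |
                    Get-CimAssociatedInstance -CimSession $session -ResultClassName Win32_DiskPartition |
                    Get-CimAssociatedInstance -CimSession $session -ResultClassName Win32_LogicalDisk |
                    Select-Object -ExpandProperty DeviceID
                $row.Status = 'USB disk attached'
                $row.Model = $disk.Model
                $row.'Size(GB)' = '{0:N2}' -f ($disk.Size / 1GB)
                $row.'Drive Letters' = $letters -join ','
                [pscustomobject]$row
            }
        }
        catch {
            # Report the failure so an unreachable computer is not read as "clean".
            $row.Status = "Query failed: $($_.Exception.Message)"
            [pscustomobject]$row
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}
Get-UsbDiskDrive | Format-Table -AutoSize
```

Pass the $Computers list from the script above as -ComputerName to cover the domain; rows with a "Query failed" status are computers the report could not verify.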
