Prevent installation of devices that match any of these device IDs
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > Device Installation > Device Installation Restrictions
Supported on
At least Windows Vista

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device. NOTE: To enable the "Allow installation of devices that match any of these device instance IDs" policy setting to supersede this policy setting for applicable devices, enable the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting. If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.

Internal name
DeviceInstall_IDs_Deny
Policy ID
0dc992d138a2
Elements
2

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions
Value name
DenyDeviceIDs
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions
Value name
DenyDeviceIDs
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Also apply to matching devices that are already installed.
ID DeviceInstall_IDs_Deny_Retroactive
boolean
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions
Value name
DenyDeviceIDsRetroactive
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Prevent installation of devices that match any of these Device IDs:
ID DeviceInstall_IDs_Deny_List
list
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs
Value name
DenyDeviceIDs
Type
REG_MULTI_SZ
List: standard
Also apply to matching devices that are already installed.
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions
Value name
DenyDeviceIDsRetroactive
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Prevent installation of devices that match any of these Device IDs:
Computer · Type list
Registry mapping
Path
Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs
Value name
DenyDeviceIDs
Type
REG_MULTI_SZ
Details
List: standard