The Removable Storage Access policy does not work correctly on a client computer that is running Windows Vista or Windows Server 2008


Symptoms


If you attach a removable storage device to a computer during the period between system start and user logon, the Removable Storage Access policy may not function correctly. This can occur with Windows Vista and Windows Server 2008, and happens regardless of whether Microsoft Knowledge Base hotfix KB969702 is installed or not.

Cause


The fix included in Microsoft Knowledge Base article KB969702 is for Windows Portable Devices (WPD) such as USB flash memory, so the policy does not apply for other devices such as USB hard disk drives. This symptom above occurs because some service processes may be accessing the device before the group policy is applied, and this may prevent the policy being applied to the device.

Workaround


You can choose one of the following workarouds:

1. Use Computer Configuration instead of User Configuration to set group policy.
  
Note: if you use the Computer Configuration policy, all users who use the computer will be restricted.

2. Use User Configuration policy and force reboot the system by the "Time (in seconds) to force reboot" policy.

1. Set "Time (in seconds) to force reboot" policy under "User Configuration\Administrative Template\System\Removable Storage Access"

   2. Add the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WPDBusEnum
  RequiredPrivileges (REG_SZ) "SeShutdownPrivilege"

You also need to install Microsoft Knowledge Base hotfix KB979621 to avoid the device being disabled.

  A removable storage device is disabled when you enable a Group Policy to deny write access
  or to deny read access to the device on a computer that is running Windows Vista or Windows Server 2008
  http://support.microsoft.com/kb/979621/