Hey, let’s learn how to Enable Removable Drive Locations Policy in Windows for Indexing Control using Intune. This policy controls if locations on removable drives can be added to libraries in Windows. When the policy is enabled, users cannot add removable drive locations to libraries, and they also cannot be indexed. If the policy is disabled or not configured, then removable drive locations can be added to libraries and can be indexed.
The importance of this policy is that it helps organisations control data stored on removable drives. It protects sensitive data by preventing users from adding and indexing files from USB drives or other removable devices. This reduces risks like data leakage or malware spreading from external storage.
This policy helps users and organisations by improving security and managing storage. For users, it prevents confusion when dealing with multiple drives and libraries. For organisations, it ensures that important libraries contain only trusted and permanent storage locations.
Examples of this policy include blocking employees from adding USB drives to Windows libraries at work. Another example is in schools where students cannot add personal flash drives to school systems. In government offices, this policy prevents removable media from being indexed to protect confidential data.
What are the Advantages of Enabling this policy using Intune?
Enabling this policy has clear advantages for both users and organisations. It improves security by preventing removable drives, like USBs, from being added to libraries and indexed. This reduces the risk of sensitive data being copied, shared, or exposed through external storage.
1. Protects sensitive data from being leaked through removable drives.
2. Reduces the risk of malware spreading via USB or external devices.
3. Ensures only trusted and permanent storage is used in libraries.
4. Helps organisations maintain compliance with data protection rules.
5. Prevents confusion for users by keeping libraries limited to stable storage locations.
Enable Removable Drive Locations Policy in Windows for Indexing Control using Intune
Before enabling this policy, users can add removable drives like USBs to Windows libraries, and data from these drives can be indexed, which increases the risk of data leakage or malware. After enabling the policy, users cannot add removable drives to libraries, and data from external drives is not indexed. This improves security, protects sensitive data, and helps organisations control information stored or shared through removable devices.
- How Intune Inventory Helps to Monitor Logical Drives on Windows Devices
- How to Prompt User to Confirm When they Delete Shared Content on OneDrive via Intune
- How to Specify the OneDrive Location in a Hybrid Environment using Intune
Create a Profile
For deploying the Intune policy, we need to create a profile first. Then log in to the Microsoft Intune admin center with our credentials. Then, we need to navigate the Devices section, click Configurations, and create a new policy.
When we click the New Policy option, the Create Profile window will open. Here, we need to select the platform as Windows 10 and later, and the profile type is Settings Catalog from the list. Finally, click the Create option to continue.
Basic Step
In this section, we provide the proper Name(e.g Disable Removable Drive Indexing) and Description(e.g To Disable Removable Drive Indexing) of the policy we want to deploy. This is a required section, and users must add it to continue creating Profiles.
Configuration Settings
In the Configuration Settings section, you can see the Add Settings option. Click the Add Settings option, and then the Settings Picker window will open. Type Search in the search box and select Disable Removable Drive Indexing from the search results.
After selecting the settings, we can close the settings picker window. Then we will be in the configuration settings. Here, we can see that the Disable Removable Drive Indexing is Disable. We need to click the next button to continue.
Enable Removable Drive Indexing Policy
In the configuration settings, if we Enable or configure this policy, you can enable the policy Removable Drive Indexing by toggling the switch. Then click Next to continue.
Scope Tags
We can skip this section, or we can add Scope Tags to your profile if we wish. It helps to assign this policy to a defined group of users or devices. Please note that adding Scope Tags is optional. If we decide to skip this section, simply click the Next button to continue.
Assignments
In this section, we can add groups. Click the Add Group option under the Include Groups section to do this. After that, a new window will appear, and we can select a group from here. Then click on the Select button and click on the Next button.
Review+ Create
The “Review + Create” is the final step in the policy creation process. In this stage, we will see a summary of the policy we are deploying, including the policy name, descriptions, platform, and other details. After the review, just click Create, and then we can see the notification “Disable Removable Drive Indexing created successfully”.
Monitoring Status
To check the monitoring status, go to Devices > Configuration Policies. In the Configuration policies section, search for the policy we created(Disable Removable Drive Indexing). We can find the result as 1 Succeeded. Use manual sync in the Company Portal to speed up the process.
Client Side Verification
To check the Client Side Verification, we can use the Event Viewer. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise > Diagnostics > Provider > Admin to open it. From the list of policies, use the Filter Current Log option and search for Intune event 813.
MDM PolicyManager: Set policy int, Policy:DisableRemovableDrivelndexing) Area: (Search),
EnrollmentID requestinq merqe: (EB427D85-802F-46D9-A3E2-D5B41458/F63), Current User:
(Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).
How to Remove Assigned Group from Removable Drive Indexing Policy
Removing an assigned group from a policy is sometimes necessary for security, compliance, or operational efficiency. Open the policy from the Configuration tab and click on the Edit button on the Assignment tab. Click on the Remove button on this section to remove the policy. Click Review + Save after making the change.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Removable Drive Indexing Policy from Intune Protal
To delete an Intune policy for security or operational reasons. I will demonstrate how to delete an Intune policy through the Disable Removable Drive Indexing. Click the three dots, then click the Delete option. You can see a confirmation message, click the Delete button.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Configuration Service Provider
The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. It explains the Description framework properties, assigned values and group Policy Mapping.
Description framework properties: The following list shows the description framework properties of the Removable Drive Locations policy.
- Format – Int
- Access type – Add, Delete, Get, Replace
- Default value – 0
Allowed values: The following table shows the Allowed Values of the Removable Drive Locations
| Value | Description |
|---|---|
| 0(Default) | Disable |
| 1 | Enable |
Group Policy Mapping
| Name | Value |
|---|---|
| Name | DisableRemovableDrivelndexing |
| Friendly Name | Do not allow locations on removable drives to be added to libraries |
| Location | Computer Configuration |
| Path | Windows Components > Search |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Windows Search |
| Registry Value Name | DisableRemovableDrivelndexing |
| ADMX File Name | Search.admx |
./Device/Vendor/MSFT/Policy/Config/Search/DisableRemovableDriveIndexing
OMA-URI Settings to Power Sleep Policy
An OMA-URI is a unique string used to configure specific settings on Windows 10 or 11 devices through a Configuration Service Provider (CSP). Its format is determined by the CSP and is used to apply custom device configurations.
To create a new policy in Microsoft Intune, sign in and navigate to Devices > Configuration. Click on Create to start a new policy. Choose the platform as Windows 10 or later. For the Profile type, select Templates, then choose Custom. Provide a name for the policy and add a description if needed.
- Click on + Add under OMA-URI Settings to configure the specific setting.
- To Configure the OMA-URI Setting, do the following
- Enter a name for this setting, such as Disable Removable Drive Indexing.
- Description of the setting: To Disable Removable Drive Indexing.
- Enter the following OMA-URI path: ./Device/Vendor/MSFT/Policy/Config/Search/DisableRemovableDriveIndexing
- Set the Data type to Integer.
- Enter the value
- 1. Disable Removable Drive Indexing Policy
- 0. Enable Removable Drive Indexing Policy
- After entering the above details, click the Save button.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.