USB Control
USB control lets you decide which removable devices are allowed on managed PCs. This guide explains the device-class model and how to use it for data-loss prevention.
Device-class allow and deny
Rather than a single all-or-nothing switch for USB storage, CtrlOne can allow or deny by device class. That means you can permit input devices like keyboards and mice while blocking mass-storage devices that could be used to exfiltrate data.
Data-loss prevention
Blocking removable mass storage is a core DLP control for shared, kiosk, and high-sensitivity PCs. Combine it with the other restriction surfaces to close common data-exit paths while keeping the machine usable for its job.
Rolling it out
Add USB control to a policy, pilot it on a representative machine to confirm required peripherals still work, then apply it to the group. Because the control is reversible, you can adjust the allowed classes if a legitimate device is affected.
Frequently asked questions
Can I allow keyboards but block USB drives?
Yes - that's the point of per-class control. Permit input-device classes while denying removable mass storage.
Does blocking USB storage remove drivers?
No. Enforcement is policy-only, so removing the restriction returns the device behaviour to normal.
Round out your lockdown
Pair USB control with application blocking and browser restrictions for a complete data-exit posture.