diff --git a/DIY USB Whitelisting/README-en.md b/DIY USB Whitelisting/README-en.md index 6c8c775..aa46143 100644 --- a/DIY USB Whitelisting/README-en.md +++ b/DIY USB Whitelisting/README-en.md @@ -15,19 +15,19 @@ This allows you to apply this whitelisting to a local computer without AD infras ### Procedure: 1. Unzip `DeviceCleanup.zip` and run `DeviceCleanup.exe` from either the `x64` directory (for Windows in the x64 / 64 bit architecture) or `Win32` (for Windows in the x86 / 32 bit architecture) -1.1. In the `DeviceCleanup` program, mark all USB devices listed there with the "CTRL" key + "A" key and remove them with the "DEL" key. + 1.1. In the `DeviceCleanup` program, mark all USB devices listed there with the "CTRL" key + "A" key and remove them with the "DEL" key. 2. Run `CreateWhitelist.ps1` and open the created `USBWhitelist.txt`. The contents of this file will be needed later 3. Open `gpedit.msc` under the search bar. -3.1. Navigate to "Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions" + 3.1. Navigate to "Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions" -3.2. Activate the following GPO "Allow installation of devices with these device IDs" + 3.2. Activate the following GPO "Allow installation of devices with these device IDs" -3.2.1. Click on "Show" and insert the IDs read from `USBWhitelist.txt` line by line and click on "OK" and then on "OK" again + 3.2.1. Click on "Show" and insert the IDs read from `USBWhitelist.txt` line by line and click on "OK" and then on "OK" again -3.3. Activate the following GPO "Prevent installation of devices not described in other policies" and click on "OK" + 3.3. Activate the following GPO "Prevent installation of devices not described in other policies" and click on "OK" This should make this USB whitelisting work.