Some Windows Mobile devices today are equip with USB mass storage drive functionality. It means, that device is not connected to computer via activesync but behaves as a USB flash disk. However, some customers don’t like this feature and wants to disable this functionality for their users. Disabling just ActiveSync won’t help in this case.

To solve this issue I’ve done a little research and put together the following ADM script for Windows Mobile mobile management templates into System Center Mobile Device Manager 2008. It’s very simple to use, just add this template to your Active Directory templates and start using USB Mass Storage policy under the Security Policies.

CLASS MACHINE
CATEGORY "Windows Mobile Settings"
      CATEGORY "Security Policies"
           POLICY "USB Mass Storage"           
           KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Drivers\USB\FunctionDrivers"
           
              ACTIONLISTON 
                  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Drivers\USB\FunctionDrivers\Mass_Storage_Class" 
                      VALUENAME "Dll" 
                      VALUE "USBMSFN.dll"
                  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Drivers\USB\FunctionDrivers" 
                      VALUENAME "DefaultClientDriver" 
                      VALUE "RNDIS" 
              END ACTIONLISTON 
              ACTIONLISTOFF 
                  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Drivers\USB\FunctionDrivers\Mass_Storage_Class" 
                      VALUENAME "Dll" 
                      VALUE "none"
                  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Drivers\USB\FunctionDrivers" 
                      VALUENAME "DefaultClientDriver" 
                      VALUE "RNDIS" 
              END ACTIONLISTOFF            
            END POLICY
      END CATEGORY 
END CATEGORY