Windows 7 class ids




















Used by the Convert dialog box to determine the formats an application can read and write.

Registers a bit in-process server and specifies the threading model of the apartment the server can run in.

Value, where "message" is the message to be shown:

Microsoft's Description: This policy setting allows you to display a custom message title in the notification balloon when a device installation is attempted and a policy setting prevents the installation.

If you enable this policy setting, Windows displays the text you type in the Main Text box as the title text of the notification balloon when a policy setting prevents device installation. If you disable or do not configure this policy setting, Windows displays a default title in the notification balloon when a policy setting prevents device installation.

Similar to "Display a custom message when installation is prevented by a policy setting", except it lets you set a custom title to replace the default title of "Device installation was prevented by policy".

Value, where "title" is the title to show:

Microsoft's Description: This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. If you enable this policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Prevent installation of removable devices" policy setting).

This GPO option allows for another way to whitelist devices. Much like the options that "Allow" or "Prevent" installation of a device based on its device setup class, the "Allow installation of devices that match any of these device IDs" setting works via a list of Plug and Play hardware IDs or compatible IDs. These IDs can be somewhat easier to collect than device setup classes, since the device does not have to be successfully installed first to collect the hardware IDs or compatible IDs.

Hardware IDs are meant to be rather specific to the device. They are used for finding the correct device driver to load to make the hardware functional. This means one of its hardware IDs is:

But it is also a composite device, and the parent of other devices that will appear in the Device Manager, for example:

As a matter of fact, it would be possible to have some of the functions of a composite device work, and have others denied because they do not have their corresponding hardware ID whitelisted.

For example, the mouse part might work, but the keyboard part of the Teensy HID might not. While hardware IDs are meant to be fairly specific to a given piece of hardware, compatible IDs are a fallback for when more specific drivers can't be found that support the listed hardware IDs. Compatible IDs are, in other words, more general.

To collect compatible or hardware IDs for your whitelist, do the following:

1. Plug in the device.
2. Find the device, and all its related devices, in Device Manager. If the device is currently prevented from installing because of a GPO setting, you may only see one device with an exclamation mark. After we finish with steps 2 through 4 on a composite device, we may have to go through them again for each child device.
3. Bring up the properties of each device, go to the details tab, and then copy a value from the "Hardware Ids" or "Compatible Ids" property.
4. After collecting all of the "Hardware Ids" or "Compatible Ids" properties, enable the "Allow installation of devices that match any of these device IDs" setting and add the needed IDs to the list.

A few other notes: Remember that "Prevent" overrides "Allow" in general, so if an ID is in both an "Allow" and a "Prevent" policy, the "Prevent" policy will generally take precedence. Also, if "Prevent installation of removable devices" is enabled, and the device is removable, it will be denied installation even if its IDs are in a whitelist.

Where "xxx" is a hardware or compatible ID.

Microsoft's Description: This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.

You may use the "Prevent installation of devices that match any of these device IDs" setting to blacklist based on hardware or compatibility IDs.

Keep in mind that this sort of blacklisting of hardware IDs can be made very ineffective because of devices that allow the attacker to set any vendor or product ID they wish. For example, I set my Teensy to use as the vendor ID, and as the product. This made the base hardware ID:

I could have easily changed these arbitrary values to something else, or made them match some preexisting hardware's vendor and product ID. If a blacklist is to be created it may be better to use the compatibility IDs to block device types in much the same way as the "Prevent installation of devices using drivers that match these device setup classes" setting uses GUIDs in its block list.
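The precedence notes and the blacklist caveat above, modelled as an added example that is not part of the original article and is not Windows' own evaluation logic. The `Device` and `Policy` types, the case-insensitive comparison, and every device ID below are assumptions constructed for illustration.

```python
# Added example: simplified model of the Allow/Prevent precedence described
# in the text. Not Windows' implementation; all device IDs are constructed.
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    ids: tuple              # hardware IDs followed by compatible IDs
    removable: bool = False

@dataclass
class Policy:
    allow_ids: frozenset = frozenset()
    deny_ids: frozenset = frozenset()
    deny_removable: bool = False

def _norm(ids):
    # Assumption: IDs are compared case-insensitively.
    return {i.upper() for i in ids}

def evaluate(dev, pol):
    ids = _norm(dev.ids)
    if ids & _norm(pol.deny_ids):           # "Prevent" overrides "Allow"
        return "blocked (Prevent list)"
    if pol.deny_removable and dev.removable:
        return "blocked (removable)"        # beats the Allow list too
    if ids & _norm(pol.allow_ids):
        return "allowed (Allow list)"
    return "not listed (decided by other policy settings)"

def evaluate_all(devices, pol):
    return {d.name: evaluate(d, pol) for d in devices}

# Constructed composite HID device: a parent plus two child interfaces.
HID = r"USB\Class_03"       # compatible ID for the USB HID class
COMPOSITE = [
    Device("parent",   (r"USB\VID_FFFF&PID_0001", r"USB\COMPOSITE")),
    Device("keyboard", (r"USB\VID_FFFF&PID_0001&MI_00", HID)),
    Device("mouse",    (r"USB\VID_FFFF&PID_0001&MI_01", HID)),
]
# The same keyboard function after its vendor/product IDs were changed.
RENUMBERED = [Device("keyboard", (r"USB\VID_FFFE&PID_0002&MI_00", HID))]

if __name__ == "__main__":
    partial = Policy(allow_ids=frozenset({r"USB\VID_FFFF&PID_0001",
                                          r"USB\VID_FFFF&PID_0001&MI_01"}))
    print(evaluate_all(COMPOSITE, partial))     # keyboard child is not listed
    by_hwid = Policy(deny_ids=frozenset({r"USB\VID_FFFF&PID_0001&MI_00"}))
    by_class = Policy(deny_ids=frozenset({HID}))
    print(evaluate_all(RENUMBERED, by_hwid), evaluate_all(RENUMBERED, by_class))
```

The first scenario shows a composite device whose children are only partly whitelisted; the second shows a hardware-ID blacklist entry missing the renumbered device while the compatible-ID entry still matches it.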

Microsoft's Description: Set the amount of time in seconds that the system will wait to reboot in order to enforce a change in device installation restriction policies. If you enable this setting, set the amount of seconds you want the system to wait until a reboot.

If you disable or do not configure this setting, the system will not force a reboot. NOTE: If no reboot is forced, the device installation restriction right will not take effect until the system is restarted. I've not really tested this option. The effects of the setting I've made have always seemed to be instantaneous, and not requiring a reboot.

Microsoft's Description: This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated.

If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.


