Use Group Policy to disable the Ethernet of DisplayLink docking stations

Use case description

In your corporate environment, you may want to roll out universal docking stations based on DisplayLink technology to increase the productivity of your employees.
However, you might wish to disable parts of the docking station, such as audio or Ethernet, either because you are running out of IP addresses or because you want to tightly control what is present on your corporate network.

Here is an example of how to use a Windows Group Policy to block the installation of the Ethernet capability of docking stations using DisplayLink technology.

How to implement

Before you apply the restriction, you need to identify exactly what needs to be restricted. In this example, we are looking at blocking ONLY the Ethernet of ONLY docking stations running DisplayLink technology.
Go to Device Manager and look at the "Hardware IDs" in the Ethernet card details. The hardware IDs of all DisplayLink products start with USB\VID_17E9.
In most cases, the DisplayLink feature is on a composite device. This means the same device has several endpoints, each presenting a different peripheral. Typically, you will have one or several monitors, audio and network. The different peripherals have different endpoints, represented in the MI_0x part of the hardware ID.
Therefore, in our picture example, to block the Ethernet of the Targus docks, I need to block USB\VID_17E9&PID_4306&MI_05.

Go to the management console (run mmc) and add a Group Policy snap-in object:
  1. Go to Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
  2. Select "Prevent installation of devices that match any of these device IDs"
  3. Tick Enabled
  4. Paste the ID or IDs you wish to block in the Show list. In our example, I only have one line with USB\VID_17E9&PID_4306&MI_05
  5. Save
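
The following PowerShell script is an added example, not part of the original article or DisplayLink's own tooling. It lists every function (MI_xx endpoint) of the attached DisplayLink devices with its hardware IDs and reports whether any of those IDs is already in the deny list; it relies on the USB\VID_17E9 prefix from this article and on the registry location where Windows stores this policy's ID list.

```powershell
# Added example: audit DisplayLink composite-device functions against the
# "Prevent installation of devices that match any of these device IDs" policy.
$vendorPrefix = 'USB\VID_17E9'   # DisplayLink vendor ID prefix (from the article)

# Registry location where Windows stores the deny list set by this policy.
$denyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs'

# Read the deny list; it stays empty when the policy is not configured.
$denied = @()
if (Test-Path -Path $denyKey) {
    $denied = @((Get-ItemProperty -Path $denyKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # skip PSPath, PSDrive, ...
        ForEach-Object { [string]$_.Value })
}

# Enumerate all present devices whose hardware ID starts with the vendor
# prefix, one row per function of the composite device.
Get-PnpDevice -PresentOnly |
    Where-Object { $_.HardwareID -like "$vendorPrefix*" } |
    ForEach-Object {
        $ids = @($_.HardwareID)
        # Pull the interface number (MI_xx) out of the hardware IDs, if any.
        $interface = if ("$ids" -match 'MI_[0-9A-F]{2}') { $Matches[0] } else { '(none)' }
        [pscustomobject]@{
            Class        = $_.Class
            FriendlyName = $_.FriendlyName
            Interface    = $interface
            Status       = $_.Status
            # True when at least one hardware ID of this function is listed.
            InDenyList   = [bool]($ids | Where-Object { $denied -contains $_ })
            HardwareIDs  = $ids -join '; '
        }
    } |
    Sort-Object Interface |
    Format-Table -AutoSize -Wrap
```

InDenyList only shows that the ID is listed in the policy. A function that was installed before the policy was set can still appear as working unless the policy option "Also apply to matching devices that are already installed" is ticked.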

What will an end user see?

To limit the number of support tickets to IT, the policy makes it obvious that the device is not working because it is blocked by IT policies.
You can see below that the built-in network card stays on whilst the other one is flagged with: "The installation of this device is forbidden by system policy. Contact your system administrator."
