I am implementing CIS on Windows 10 1803 and I cannot resolve this control.
This policy setting determines who has permission to format and eject removable NTFS media. You can use this policy setting to prevent unauthorized users from deleting data on one computer to access it on another computer on which they have local administrator privileges.
The recommended state for this configuration is: Administrators and Interactive Users.
Users can move data on removable disks to a different computer where they have administrative privileges. The user could then take possession of any file, grant himself total control and view or modify any file. The fact that most removable storage devices eject media by pressing a mechanical button decreases the advantage of this policy setting.
For starters, I've never met anyone who does not have permission to eject and format removable media (assuming hard drives, USB drives, etc.).
But I'm even less sure why the control asks me to set it to "Administrators and interactive users" when the default is simply "Administrators".
CSC CIS Windows 1803:
The recommended state for this configuration is: Administrators and Interactive Users. The default value is Administrators only. Administrators and interactive users can format and eject removable NTFS media.
It is recommended to set Permitted to format and eject removable media to Administrators. Only administrators can eject removable media in NTFS format.
Would this configuration also affect the software that manages USB devices, such as Check Point removable media encryption?