Windows 10 Thunderbolt dock failing to install, "Installation of this device is forbidden by system policy".

  • Thread starter Thread starter Grant Ohman
  • Start date Start date
G

Grant Ohman

I have an issue that is affecting 8 users on three different models of dell laptops (dell XPS 15 9750, dell latitude 7400, dell latitude 7490), all running windows 10 1909 enterprise. I have talked with Dell support and they claim they are unable to assist as this is a windows related issue.

Synopsis: When a user plugs their dell thunderbolt dock into their laptop, the dock does not register. In device manager, there is a missing "PCI to PCI bridge" device. Upon trying to install the device, we receive an error stating this is blocked by system policy.

We have nothing in our group policy that blocks the installation of devices.


I found an article that adds backstory as to why this issue is occurring: https://support.microsoft.com/en-us...-and-thunderbolt-controllers-to-reduce-1394-d. However, this update was almost two years ago, and we just now started having problems. I followed the steps in this article, however instead of blocking the device, I placed hardware ID PCI\CC_0C0A in our domain policy under “allow installation of devices that match any of these device IDs”.


This allowed the PCI device to install and the dock worked, however only until the user undocked and then re-docked their laptop. Then the device was once again failing to install.


If I check the registry of one of these laptops, I can see that in "\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs", device 'PCI\CC_0C0A' is present. However, this same device is also showing under "\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs", which is the root cause behind blocking the device from installing.


I have tried various searches on the internet, most point to just blocking the device and don't explain how to remediate the problem. I've updated all of the drivers using Dell's utility and checked windows update, and have not been able to find a resolution. I cannot figure out what is telling windows to block this device, or why this specific device keeps getting added back to the registry under restricted devices, even though I have explicitly stated in the domain policy to allow installation. I've checked the windows update history and didn't find any recently installed updates around the time of when this started occurring (Feb 4th). As a bandaid fix, I can manually remove the DenyDeviceIDs folder and install the device in device manager, which again only works until the user undocks/redocks their laptop.


Thanks.

Continue reading...
 
Back
Top