Block Android Tethering from Windows

TL;DR

This guide shows you how to prevent Android phones from using mobile tethering (sharing their internet connection) when connected to your Windows computer. This is useful for data loss prevention (DLP) in corporate environments or controlling home network usage.

Steps

1. Understand the Problem: Android phones can share their mobile data via USB, Wi-Fi hotspot, or Bluetooth tethering. Windows treats these connections as network adapters. We need to disable these adapters when a phone is connected.
2. Identify Network Adapters: When you connect an Android phone for tethering, new network adapters appear in Device Manager. You’ll need to find them.
   • Press Win + X and select “Device Manager”.
   • Expand “Network adapters”.
   • Look for adapters with names related to your phone manufacturer (e.g., ‘Samsung Mobile USB Composite Device’, ‘Xiaomi ADB Interface’) or generic tethering descriptions (‘Remote NDIS Compatible Device’). There may be multiple entries.
3. Disable Adapters via Device Manager: This is a manual process, but effective.
   • Right-click on the identified network adapter(s).
   • Select “Disable device”.
   • Confirm the disable action.
4. Automate with PowerShell (Advanced): For a more automated solution, use PowerShell.
   • Open PowerShell as Administrator.
   • Run the following command to list all network adapters:

     Get-NetAdapter | Where-Object {$_.InterfaceDescription -like '*Samsung*'}

     (Replace ‘Samsung’ with your phone manufacturer if needed.)

   • Identify the adapter names from the output.
   • Run this command to disable a specific adapter (replace ‘AdapterName’):

     Disable-NetAdapter -Name "AdapterName" -Confirm:$false

5. Create a Scheduled Task (Advanced): To automatically disable adapters on phone connection, create a scheduled task.
   • Open Task Scheduler.
   • Create a new basic task.
   • Trigger: “On an event”.
   • Log: System
   • Source: DeviceSetupManager
   • Event ID: 103 (Device Plug and Play)
   • Action: Start a program.
   • Program/script: powershell.exe
   • Add arguments: -ExecutionPolicy Bypass -File “C:pathtoyourdisable_tethering.ps1”

   (Create a PowerShell script ‘disable_tethering.ps1’ containing the commands from step 4 to disable the adapters.)

6. Re-enable Adapters: When you disconnect the phone, remember to re-enable the network adapters in Device Manager or through your PowerShell script (create a separate script for enabling).
7. Consider Group Policy (Enterprise): In a corporate environment, use Group Policy to manage device settings and enforce tethering restrictions across multiple devices. This is beyond the scope of this basic guide.