We have recently published a new Analysis on the Security Policy Manager Fixlet site that shows the history of connected USB devices including their serial number.
Here is an example of what the analysis returns on one of our computers:
USB Flash Memory USB Device – 8&19ff1fb2&0
Apple iPod USB Device – 8&41f4e44&0
Apple iPod USB Device – 8&32c42174&0
Apple iPod USB Device – 8&31cfe9b3&0
USB Device –
USB Device –
Generic STORAGE DEVICE USB Device – 8&b98aba7&0
Memorex TRAVELDRIVE 005B USB Device – 8&2c2f04a&0
SAMSUNG HM160JC USB Device –
SD/MMC Card Reader USB Device – 8&776bc3a&0
WDC WD40 0AB-22BTA0 USB Device –
If you have the Security Policy Manager Fixlet site subscribed, please check out this new and potentially useful Analysis.
This information does not appear to be timestamped by Windows and so you can’t easily filter it. If you wanted some ability to track over time, you would need to do some custom work:
Create a backend system that pulls data from the database or SOAP API and then stores the data with timestamps over time.
Create a BigFix action that stores the data on the agent periodically with time stamps and then create logic to do diffing and pull the info back.
Both are possible, but you need to spend the time creating the system.