Hello ... I wonder what that's a question:
In the "DLP Policy - Device Managment - Device Definitions" added "Removable Storage Device" with selected all possible devices. In the "DLP Policy - Device Managment - Device Rules" in "No Removable Storage" connected "Removable Storage Device" and in "DLP Policy - Policy Assignment" in "Users with no storage" added AD group "DLP_NO_Storage". In our AD we created test user and assigned in "DLP_NO_Storage" group. But in test computers we add any usb flash and she was be recognized and she could write and read information. What with my actions were wrong?