I am using DLP & i have configured DLP policies to block USB(Mass Storage) & CD/DVD. I have applied this policy to everyone(User Based). User abc is a part of everyone.
Now if i have created a computer asignment group using policy catalog & i have unchecked all the rules & asigned to a system xyz. User abc logs in to system xyz, so the devices which were blocked by DLP policy will be accessible OR not? as we have configured the system based policy to unblock the devices for system xyz.
Thanks in Advance.
As per your query only there should be no user in system base policy. you have to create one more policy to unblock the system and check that in assigned policy in system tree acording to your need that for system or for group
hope this will help to reslove your query please post the query if you have any doubt.
As you said you have user based dlp policy to block the Storage / CD DVD which is applied to everyone (all domain users), then why do you need again to apply that policy besd on system? If you want any user to not be effected by that policy you can simply exclude that username or if you are only bother about that system you can log in on that system as local user instead of domain user. If you log in as domain user the most restrictive rules will be in effect. as Vimal said and the storage device will get block.