We have DLP 9.3 running fine blocking all USB and allowing only defined USBs. However, we are only want to use the allowed USB with specific machines not be allowed to all machines available in the network. Because now the allowed usb can be plug in any machine and it will work.
Is that possible to do with DLP 9.3?
Depends..do you also use ePO to manage the machines?
If so apply a new 'Default Computers Assignment Group' to the computers (either by applying the policy to a new system tree group or applying it to single machines) excluding the assignment of the blocking policy.
Yes I do use ePO to manage the machines.
I did exactly what you have said but the machine still picking up the other device rule which blocks everything, even though the assigned policy of the machine on the system tree shows Allowed USB.
My policy catalog:
1. Block USB
2. Allow USB
First of all you might want to think how you separate the machines inside EPO.
If the machines are random, the only way to easily manage it is by creating a subgroup called "USB allowed" then drop the machines inside that EPO subgroup.
Then inside that subgroup, put assign a DLP policy that allow USB.
As with MFE DLP you can approach things in 2 ways.
1. User based Assignment Group
2. Computer based Assignment Group
For your purpose, CAG looks like the way to go.
I did exactly as you have mentioned I have created a subgroup and add machines into it, but why the machine takes the both rules instead of just taking the rule which been assign to it.
My Catalog shows as below
Create a rule that blocks/makes read-only the defined USBs.Use computer based assignment to assign this rule only to machines where you want the defined USBs blocked.