I have created one Rule Set in which I have only blocked USB removable storage as you may see in the below screenshot:
And I have assigned it to just one policy which is clear in the below screenshot:
The default policy with no rule set is assigned to My Organization while the policy which name ends with (USB_Blocked) is assigned to only one group. Below screenshots:
But when after assigning the (USB_Blocked) policy to that one group, surprisingly all the clients in other groups are also affected!!! They also report that their DVD writers are not allowed to write! What is wrong with my settings???
First, do you have a separate set of machines for this in system tree? The best way (in my opinion) to do this and have a problem free testing is to create a sub-group in System tree "DLP-Test_Grp" drap few machines into this group, assigned the policy, send WUA and login with a test account to this machine, also try and reset the default policy. You can also collect and send props from clients..
Alternatively create an exception group (USB Allowed) and assign this, so only block users are blocked
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA