I am stuck on the logic behind trying to make a set of DCM rules that can fit the environment for three different things using user assignment groups
A Rule that blocks all USB Removable storage
A Rule that allows USB Read only
A Rule that allows USB Write-Read
So creating the rule that blocks all USB Remove storage, no problem.
created Rule that blocks All USB RS, exlude the allowed USB users
Created a Rule that blocks All USB and exlude the allowed serial number device and apply to allowed users
I have struggling with working in a rule that allows the Read only USB, but blocks everything else.
I didn't know if this will have to been done with Computer groups and mixing with user assignment groups
Any help would be appreciated
Typically you won't want to mix the CAG and UAG assignments.
Review the following KB for more information on rule assignment:
So from your description here is what you'll have to have:
Block all USB - Include all removable storage, include everyone, exclude the users for read only
Block all USB, Exclude serial - Include all removable storage, exclude device definition with serial number, include read only users
Read only - Include device def with serial number, include read only users.
Hope that helps