From Each OU we want to take specific users and create for them granular definitions to use mass storage devices. These should be assigned to use mass storage devices by next definition parameters as serial number,device name,class code and bus type,while using these specifically permitted devices the users are being monitored. The other users in OU is in a main security group, which also has the users we permitted for specific devices, Our plan is to assing a block rule to that security group to all others usb mass storage devices, The problem is that because of that specific rule my permitted users for specific devices are also getting blocked when I apply it. Even, though I’ve gave them specific permission to use those devices in another rule and they are only should being monitored. My take is they are getting blocked because they are part of that security group I block from all other usb mass storage devices? Is it so? And can we work in our organization as we planned or that impossible to implement policies this way?