Assuming your using Host DLP then simply create a blocking rule for all devices then either
1. use the over-ride key generation option to allow access on an as-and-when basis
2. exclude a user or a group as part of the blocking rule
3. if the user is say the CEO then add then user as a 'priviliaged user ' and set it to override all rules.
Is there a way of creating an over-ride key automaticlly without the user asking administration for the key?
Kind of defeats the object if a user can just generate a key when ever they want.
Granted you would have the override events logged in the DB but by then it could be too late.
Yea thats true, i was trying to limit the administration for users but good point