You have to create a Device Definition in DLP Policy for CD/DVD drives.
then you have to create a Device Rule and include the CD/DVD drives and set it to Monitor.
Now, you can either use Active Directory and create a User Access Group under DLP Policies and add the "Everyone" group or you can create a DLP Computer Assignement Group policy and assign it to the root of your System Tree.
These should tell you when a CD/DVD is accessed on a computer.
That being said, it wont tell you if files were copied to or from the CD and it wont track which files were burned.
Its best to just create a CD/DVD Device rule and make all the devices read-only and create a security group in AD to put authorized users into. Your CIO should write up a policy for this.
You need to do an inventory of the cd/dvd burner applications and identify the processes that access the disk when writing files. process monitor is a goot tool for doing this http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
One you have a list of the applications, you can create an application protection rules that monitor the cd/dvd writing processes that access data from the disk. The downside is that if someone writes a lot of files, you'll get a hell lot of events. (one per file)
Using device control rules will create one event when the system boots and loads the cd/dvd drivers, but that's about it, you don't get information about what was copied. Removable storage protection rule doesn`t cover the cd/dvd.
Message was edited by: georgec on 11/14/12 12:12:35 PM CST