As per your query only there should be no user in system base policy. you have to create one more policy to unblock the system and check that in assigned policy in system tree acording to your need that for system or for group
hope this will help to reslove your query please post the query if you have any doubt.
As you said you have user based dlp policy to block the Storage / CD DVD which is applied to everyone (all domain users), then why do you need again to apply that policy besd on system? If you want any user to not be effected by that policy you can simply exclude that username or if you are only bother about that system you can log in on that system as local user instead of domain user. If you log in as domain user the most restrictive rules will be in effect. as Vimal said and the storage device will get block.