I got this scenario, 3 usb ports over a workstation, block one port and let the others ports for the usb keyboard and usb mouse, but with this practice may I have a problem, a thief can change the ports an connect a pendrive into the keyboard/mouse port, these are my questions, how DLP reconize a keyboard, mouse and pendrive?, How can I exclude the keyboard and mouse and let them use usb ports and block those ports if someone other device on that usb port?
If you do not want anyone to use a usb device for storage, the easiest way to lock down a usb port without interferring with keyboard or mouse is to set the usb port to "read-only".
You don't set device control to block USB by port, you set it to block devices by device types and other attributes related to the device itself, not the report. Device types such as USB removable storage can be blocked while devices such as Human Interface Devices (mouse, keyboard) can be allowed. This can get very granular in the policy, and devices can be blocked by a number of properties, include Device ID, Device GUID, Vendor ID, etc.
Use Removable Storage Device rule using File System as the Device Definition. This will not trigger on devices without a File System and connected using USB bus.