You can use the following configuration :-
1) For privileged users:-
Create Removable storage Device rule
Include all Removable storage Devices
Exclude the ones that you want to allow.
Create a Removable storage protection rule
Monitor action (This will monitor all files being copied to all removable storage devices)
2) For restricted users :-
Create a Removable Storage Device Rule
Include all Removable Storage Devices
Hope I could help.
I know this is an old question but here is another way to get this to work
Create 2 User Assignment Groups (UAG)
UAG1 (this needs to be all in one UAG) Unclude all Domain Users, Exlude Allowed USB Users
UAG2 Include Allowed USB Users
Create Device Definitions
DD1 - All USB Devices
DD2 - Allowed USB Devices
Create 2 Rules
Rule 1 - Include DD1, BLOCK, Add UAG1
Rule 2 - Iinclude DD1, Exlude DD3, BLOCK, Add UAG2
This will block all USB devices to everyone and exclud the allowed users
The 2nd Rule is to monitor the allowed users, it will only allow the USBs with serial numbers and block all other USB's from them.
Hope this helps
does the Removable storage protection rule only work in Full DLP ? Does it work on DCM license ?