i've now successfully managed to block usb flash drives.
I had not applied the correct user group to the rule.
I still cannot block mobile phone mass storage like iPhones and other android based phones.
Does anybody have any ideas.
Thanks for the reply Jose.
I tried this again yesterday and managed to get it working.
I have found a helpful website that list piratically all VID/PID info for manufactures. If the "Windows Portable Device" does not block a certain phone manufacture, you can always block using a VID - Vendor ID or PID - Product ID by creating a new PnP Device Definition . The updates to newer VID/PID's on this site are pretty frequent.
In order to create a PnP rule to block by PID/VID, you can follow the product guide located in the link below.
I hope this helps.
this is a great find rphalen and will be really helpfull both to myself and other uers.
If somehow your company policy changes and allow MTP devices to be read only, you can achieve that by setting the GPO to set Windows Portable Device as read only.
I tried GPO with a test windows 7 laptop and could not get it to work but thanks for the suggestion.
I had it configured as below.
When i first starting looking at configureing this most of the internet posts reffered to configureing as i have in my screenshot.
I did not come across any posts mentioning WPD devices.
I will have a go with this some time soon when i have free time.