1. Can have a whitelist so as to allow only the software installed in the machines will run - Observe mode and Inventory Fetch - done. Pending to End observation mode.
>If the whitelist is created when the machine is installed with this software, that would be the expected behavior unless trust polices are assigned to intaller tools like SCCM.
2. Lockdown usb ports to only allow from a usb writing and reading to that drive not that drive copying files to the solidified pc. The only thing they must be able to do is to save the word document to the usb only.
>What is the filesystem on the USB?