How to block USB flash drives while allowing other USB devices.

There is no as such option in SEPM to block USB or Allow USB on Temporary basis. All you can do is Allow certain USB and Block rest. Use the Device ID to create a different rule.

http://www.symantec.com/business/support/index?pag...

If the policy specifies the USB devices as blocked - there is no way to allow it temporarily. You would need either to move the selected machines to a different group with a policy that allows the devices - second possible way would be to create a new location with a differnt policy that allows the devices - but to do this the machines itself would need to change location (based on IP address, subnet and so on). 3rd way is to temporatily disable the policy itself for these clients.

If you are using SEP 12.1 then under Group- Policy tab..under location specific setting you can select the option to gives users option to enable disable ADC...

However in SEp 11.x there is no such option..at the max, user can stop the SMC service..but not advisable as people you stop SMC..after their work is done usually dont turn it back on.

"Thumbs Up" to Vikram above.  It is entirely possible to disable Application and Device Control from the SEP Client console if need be.  If enabling this option this however, you might want to consider implementing password protection on accessing the client console.

http://www.symantec.com/docs/HOWTO55487

This isn't really temporary access however, as the checkbox will remain unchecked.  Any admin doing this must remember to re-enable A&DC on the client