Looking for clarification. In SEP when it comes to app control, when it comes to file/folder access it lumps "removable drives" into a category. It doesn't really say what that covers. Utlimately we are looking to make EVERYTHING read-only that can be connected to the client: USB (drives, keychains, cameras, phones, etc), CD/DVD, Firewire, Floppy, Memory Cards (SD, MMC, CF, etc), Bluetooth. Anything that can potentially carry data off a client client and off-site.
Removable storage - is that only USB & Floppies?
What's the best attack for making things like firewire, memory cards, etc read-only?