I am not sure you have seen the same issue that I have seen on some clients, by the way, this is User Mode configurtation. for example, I have few groups, one of them is disable removalbe devices, such as, USB, CD/DVD, Floppy disk, etc, when a client log onto a machine that policy worked very well, all targeted removable devices were disabled as expected and client would not see those drive appears in the explorer windows, this is all good.
However, If I move a client from that group to another group, which has no manage of any removable devices, client supposedly see all the removable devices when the policy get updated next time, periodically I noticed sometimes clients moved to a NO device control/application control group. the removable devices were not automatically enabled, or sometimes some of them enabled automatically and some do not, client has to go to device manager right click on the device and choose enable, then the device is avialable to the client.
Anyone else see this issue?