is that it does not tell you that the full Device ID is unique between client computers. For example, we have desktop scanners we want to allow. When we followed those procedures it allowed the scanner, but only on the computer we gathered the Device ID from. It blocked it on all others. In addition, it's supposedly possible for the Device ID on a given computer to change if other USB devices on the computer are removed or installed.
If the Device ID looks like this: USB\VID_05DC&PID_A430\302AC711204744131005 and you allow precisely that, it won't work on another computer.
If you enter it wildcarded like this:
USB\VID_05DC&PID_A430\*
it will work on other computers.
FWIW,
Ray