Try this is more easier to locate the Device ID .
http://www.symantec.com/business/support/index?page=content&id=TECH103401
Once you get the Dev ID then go ahead and configure the policy to block and allow specific devices .
Note try this in test lab first and then implement to production .