Hi
I am looking to setup a policy which will block all usb storage devices for around 2500 users. The users will be able to use devices which have been allowed by the IT dept adding them to the exclusion list but i am unsure the best way of doing this.
I think the best way is to block the class id \ guid id (To block all devices) then once we check the devices on a standalone we they will be added to the exclusion list using the device id.
The more i read into this though it looks like there is a big possibility of blocking HDD's on pc's which will cause them to reboot constantly, I have also been told that we can get round this by adding the class id from the HDD's to the exclusion list but we currently have 4 different Dell PC's, 2 Lenovo and 2 HP, we also replace older pc's twice a year which means different models yet again this means we will have to keep adding class id's to the exclusion list.