Hi,
Thank you for posting your query in Symantec community.
Q. * I need completed usb blocking Exclude :Phone charging,company usb.
--> As Syed said newer operating systems will allow the devices to receive power even if they are disabled using SEP.
To block USB access in the Symantec Endpoint Protection Manager, open Policies, then click Application and Device Control.
- Open an existing policy or click Add an Application and Device Control Policy.
- Click on the Device Control tab.
- Under the Blocked Devices section click the ADD button and select the USB option.
- Assign policy to the groups.
Q. * i need a policy like,if any new computer is coming and computer name is created in AD,SEPM is automatically detected and install to the system(AD integration is done,is that is enough) is it possible??
--> SEPM will not install SEP clients automatically if any system found without SEP client. But SEPM will list down all those machine, can use AD GPO to deploy SEP clients or any other recommended method.
Reference guide: Installing Windows clients with an Active Directory Group Policy Object (GPO)
http://www.symantec.com/docs/HOWTO81177
Other methos are listed here: http://www.symantec.com/docs/HOWTO80807
Q. *If one of new system is not install the sepm,that system can't get internet.is it possible do it in sepm?
--> Possible, but need to implement custom HI policy, By default HI policy is not assign to any group.
Use custom requirements, refer this screenshot.
Adding a custom requirement from a template
http://www.symantec.com/docs/HOWTO101735