USB Port Security: deny by default but allow IT dept

Hi, DA newbie here. We're trying to make the logic work in our environment and I could use some guidance from more experienced DA administrators.


By default, we would like to restrict all non-HID USB devices while allowing the IT team (in an OU and a Security Group) full access.


Individual users who are approved for specific uses - say, downloading pictures from a camera, or using a USB stick to transfer postal meter data - should be allowed to use ONLY that device and ONLY on the computer they are approved for.


I don't want a user to have access to USB mass storage except for an approved device. Recommendations on how to configure? The DA video on the support site is not very helpful and it's so tiny I can't see what settings are being applied.


Thanks in advance for any and all assistance.

