I wrote a GP to deny access to local storage (DVD, USB, etc) and stuck everyone in it. Then I made a security group for my exceptions and stuck a few people in there. However, IF a person was originally denied access to local storage, and I then move them to the exception list, they are still denied access, even after a reboot.
I ran a gpresult and the policy is NOT applying to the user or the computer, but the user is still denied access, just as they were when they were in the original group. Again, the policy to deny access is NOT being applied, yet the user cannot access removable media.
It's like once the tattoo is in place, the PC is not releasing it....
Any ideas? I really need my exception group to have access to local storage. It works so long as the user starts off in the exception list.
It only fails if they started off in the deny group and I move them to the exception list.
PS: Server 2008 R2 domain running in Server 2012 domain controllers and Win7 Pro machines.