We are having problems fine tuning a solution.
Ideally we would like ban all but one make of USB stick on a domain. However if we enter a generic disallow such as "USBSTOR\DiskGen" and then allow the approved device on a specific Hardware ID it doesn't work as the Denies seem to take precedence over the Allows. Any ideas?
We are using SBS 2011 and Server 2012 with all workstations on Windows 7 Pro x64.