Shutdown USB Storage Devices on Win 7 Pro & Win 10 Pro

I created a new GPO object and then did this -  User Configuration \ Administrative Templates \ System \ Removable Storage Access \ All Removable Storage classes: Deny all access.  Next under security filtering i applied this policy to a single user by username.  I then went to a workstation and ran a GPUpdate /force and rebooted.  Then i logged in as the test user but i was still able to write files to a USB drive.

This new GPO is linked to my primary (and only) domain, its enabled and enforced.

What am i missing?

See pic attached
GP1.jpg

Security filtering by user doesnt work the way you think it does. So yes, you broke your policy the moment you made that change.

More info in what broke and why.

https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/

so how to i apply the policy?  By machine?

I'm still having problems applying the policy.  All of my domain computers are in the computers container.  I want it to apply to all computers except for five of them.  However, I can't even get it to apply to any

User settings apply user objects in AD. If you link a GPO with user settings to an OU with only computer objects, nothing happens.

Similarly, computer settings only apply to computer objects. Linking such a policy to an OU with user objects would have no effect on those users

Then there are security filters that have do be done right either route you go.

Chances are one of those setup steps was done in correctly. GPResults is your friend when troibleshooting.