We are trying to push out a policy to block flash drives. There is a script for this in the KBOX already. If we push out that policy, is it possible to create an exception group by creating an Exception label and adding user names to it? The main objective is to allow only the users in that Exception label to bypass the flash drive block policies.

You can make a label that allows it, then make a smart label that is added to all PCs except the ones that have the allow label :)
Answered 05/04/2011 by: rmeyer
Second Degree Blue Belt

Create a filter label that applies to all users except those in your exclusion label (the group of users allowed to use flash drives). This filter label will be your "deployment" label for the "block flash drives" policy.
Answered 05/04/2011 by: airwolf
Tenth Degree Black Belt

Thanks for replying, guys... I first created a machine smart label called "Exclude" that will filter machines containing the users to be excluded. This smart label uses the last logged in user to filter. The problem starts if one of the excluded users was logged into multiple machines; then the USB block policy will not be applied to those machines. I also created a user label and manually added the users to be excluded, but there was no way to push out a script using user labels.

So, I guess my best bet is to have the users in the exclusion list give me their main PC number and only use that machine when moving stuff to flash drives.

I also considered making this script follow the excluded users, say if the user wants to copy stuff from a different computer. The only downside is that this script will have to run to check every time a user logs into a machine, and this might cause the system to be slow during logon. We are still considering other options but avoiding GPO.
Answered 05/04/2011 by: blizzster
Senior Yellow Belt
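
The logon-time check considered in the last reply, as an added example that is not part of the thread and is not the KBOX script. It assumes the block is enforced through the `Start` value of the Windows USBSTOR service (the thread does not say how the KBOX script does it), and the user names in the exception list are constructed.

```powershell
# Added example. The user names and the USBSTOR approach are assumptions,
# not taken from the thread or from the KBOX script.
$AllowedUsers = @('EXAMPLE\jdoe', 'EXAMPLE\asmith')   # constructed exception list
$UsbStorKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-DesiredUsbStorStart {
    param([string]$User, [string[]]$Allowed)
    # 3 = driver loads when a device is attached (allowed), 4 = disabled (blocked).
    # An empty user name (nobody on the console, lookup failed) fails closed.
    # -contains compares case-insensitively, so DOMAIN\User casing does not matter.
    if ($User -and ($Allowed -contains $User)) { return 3 }
    return 4
}

function Set-UsbStoragePolicy {
    param([string]$User)
    $desired = Get-DesiredUsbStorStart -User $User -Allowed $AllowedUsers
    $current = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    # Write only when the value differs, so a normal logon costs one registry read.
    if ($current -eq $desired) { return "unchanged ($current) for '$User'" }
    # Needs administrative rights: run from the management agent as SYSTEM,
    # not in the context of the logged-on user.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $desired -Type DWord
    return "USBSTOR Start $current -> $desired for '$User'"
}

# Win32_ComputerSystem.UserName reports the interactive console user as DOMAIN\user.
$consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
Set-UsbStoragePolicy -User $consoleUser
```

Because the machine is re-evaluated at every logon, the block returns as soon as a non-excluded user signs in, which avoids the stale "last logged in user" exemption described above. Keep the script and its exception list writable only by administrators, since anyone who can edit the list can exempt themselves.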
