Specifically I'm trying to implement a block removable storage policy.
Let's say I have 100 computers named PC1-PC100. PC1-PC10 need to allow removable storage no matter whom logs in. Additionally, a couple user accounts need access to removable storage no matter what computer they log into.
I have tried this by creating a security group, adding the computers list to it, creating a policy that targets Authenticated Users which blocks removable storage at the user level, and then added delegations for the whitelisted computer security group and the 2 user accounts, with a Deny for Apply Group Policy. The delegations worked for the 2 user accounts, but removable storage did not work on the computers in the security group unless the 2 mentioned accounts were logged in.
Can someone kindly point me in the right direction? Thanks!