Hello all, Since yesterday my company made a decision to apply a block policy to all removable usb drives including phones. We have two domains and for the shake of this request I am going to call the domains domain1.com.au and domain2.com.au. Under both domains there are sever Organizational Units reflecting departments, users and computers. The requirements for the above policy was that we are going to have two Security Groups in the domain1.com.au. A Security group called AllowUSB which will allow access to any removable usb device to the users who belong to that group and a security group called DenyUSB which will deny any access to any removable usb drive to the users who belong to that group. The screenshot below demonstrates this. After that I went to our Kaspersky Security Center 10 under the managed computer group that we want to apply the rule and into that group's policy. My steps where the following Manage devices > Workstations > Domain1(sub group) > Policies > Double click the targeted policy which was "Kaspersky Endpoint Security 10 Service Pack 2 for Windows (Domain1) > Endpoint Control > Device Control The issue that discover was the above access configuration rule could not understand my Security groups but only the user(s). Any suggestions ?