I was asked to block CD-ROMS for most users with a few exceptions.
Here are the steps I did.
1. Created a Security Group called "Allow CD-ROM"
2. Create an new GPO to block CD-ROM and went to User Configure - Policies - Administrative Templates - System/Removable Storage Access and Enabled CD and DVD Deny Read and Deny Write
3. I went to the Delegation tab and added the Group "Allow CD-ROM" and checked "Deny" beside "Apply Group Policy"
It worked fine but then we wanted to add an additional user to the "Allow CD-ROM" group, however that user still gets access denied when trying to access the CD-ROM.
I have done a gpupdate /force - however it is like once the policy got applied it is not getting corrected with the changes to the user group.
Any idea what I am doing wrong?