I have a Device Control policy applied to enable Read-Only access to USB, Firewire and Optical devices for all computers with ESET installed. I then allow full Read/Write via AD Group for the IT department. However upon inserting a USB thumb drive ESET informs that "Writing not allowed for USB Storage" even though the logged on user has Read/Write Permission. Looking at Device Control Logs it appears that NTAUTHORITY\Local Service and NTAUTHORITY\Network Service are being denied write access and causing the prompt. Is there a better way to create an exception for IT that won't cause the prompt? Also I feel like having system level services not able to write could potentially cause issues down the road.