Our design computers hold proprietary drawings that must never leave the plant. I need a complete data-loss-prevention setup—both software and hardware—to make sure staff cannot move files through email, WhatsApp, other chat tools, internet browsers, USB sticks, or any removable media. Software side • Block all email clients and webmail • Disable instant-messaging apps (WhatsApp desktop, Telegram, etc.) • Lock down or whitelist internet access so only approved internal sites and licenses can run Hardware side • Permanently disable or password-lock all USB ports • Prevent any external storage from mounting if a port is re-enabled • Advise and implement simple but effective physical security (port blockers, locked cases, tamper seals) I expect you to: 1. Propose the exact tools or group-policy tweaks for Windows 10/11 PCs on a small LAN with no existing domain controller. 2. Install, configure, and test them remotely or on-site (let me know what you need). 3. Document every change, including rollback steps, so my maintenance team understands the setup. 4. Validate the solution by attempting file transfers and confirming they fail. If you have handled industrial or ISO-controlled environments before, mention it; otherwise, show me a clear plan and timeline for deployment and testing.