Great instructions found for you via Peril. It includes a custom “adm” GPO file to utilize for those additional settings. It helps if your environment is Vista and above for improved functions but will still work with XP in the environment.
This setting only allows you to disable devices a much better solution is to use 3rd party software which allows control of individual devices and not only block access but allow read only ensure you only use approved device ensure you only use encrypted devices etc. We currently use Sophos device control however there are plenty of other solutions in the market.