Pressler2904   2165 pts.  |   May 12 2009  4:45PM GMT

We went through this in my current environment: there is no easy way to block access to USB ports… Some organizations go so far as to fill the USB ports with hot glue I understand. What has worked for us here is to set up a system image with the expected hardware and add a few alternate items (for example, USB Optical Mouse and USB Trackball; different types/brands of monitor). After the image is configured, we disable Plug and Play. No account with User level rights (ALL our user accounts, even the IT dept, have User level rights) can then change or alter the hardware configuration.

It’s pretty severe, I know, but for us it works and it’s the surest way to avoid a massive HIPAA leak…

Snsatyendra   15 pts.  |   May 12 2009  6:33PM GMT

We can use the system registry to disable the usb storage devices (note that other usb devices such as usb mouse,keyboard etc will remain enabled)

First navigate to “HKEY_LOCAL_MACHINESYSTEMCurrentControlSet ServicesUSBSTOR”
Then in right pane double click on “Start” and change the value to 4 (which is currently 3). This will disable all your USB storage devices. To enable them back change the “Start” value to 3 again.

I have used this technique in Vista and it works well till the users do not have admin rights.

In XP service pack 3 the key UsbStor does not exist by default. So you should manually create a key called USBSTOR in “HKEY_LOCAL_MACHINESYSTEMCurrentControlSet Services”. Then create a dword value with name “Start” and set its value to 4. This trick however did not worked on some of the machines which i tried.

Vishalvasu   95 pts.  |   May 13 2009  12:00PM GMT

In our organization we followed the instructions in this article and it works fine. Hope this helps you too.
 <a href="http://www.petri.co.il/disable_usb_disks_with_gpo.htm" title="http://www.petri.co.il/disable_usb_disks_with_gpo.htm" target="_blank">http://www.petri.co.il/disable_usb_disks…</a>