We're concerned about our people walking out of our R&D department with confidential files on USB flash devices. In the past, we disabled and/or removed floppy drives and CD-ROM drives on R&D systems, but we aren't sure how to control this new medium. How can we disable flash drives?
Windows versions earlier than Windows XP Service Pack 2 (SP2) don't specifically address your need. You can make it more difficult for users to access drives A, B, C, or D and use other settings to disable access to Windows Explorer and the command prompt, but sophisticated users can often find a way around such strictures. GFi Software has a new GFiLANguard Portable Storage Control product that you can deploy remotely to all your PCs; then you can use centrally managed policies to control who can access floppies, CDs, all types of USB memory devices, Secure Digital (SD) memory cards (often used with digital cameras), Apple iPods and other MP3 players, and so on from these PCs.
XP SP2 adds a registry setting that lets you disable write access to "block storage devices" such as USB devices. The WriteProtect DWORD value resides under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies subkey. When you set WriteProtect to 1, Windows prevents users from writing to USB devices. Setting the value to 0 enables write access.