Blocking access to USB storage devices is done in one of two ways. The first procedure is for systems that have not had a USB storage device installed yet, and the second for ones where a USB device has already been installed.
On Windows XP systems, the easiest way to check whether a USB storage device has already been installed is to fire up Regedit and browse to HKLM\SYSTEM\CurrentControlSet\Services. If you find a key (folder) here named USBSTOR, a USB storage device has already been installed.
Assuming that one hasnt been installed, disabling future installations is quite simple. Just browse to the %systemroot%\inf folder, and look for 2 files usbstor.inf, and usbstor.pnf.
To stop users from installing USB storage devices, open the Properties of these files to the Security tab, and then Deny the Full Control permission to the users or groups that you dont want to be able to attach a USB drive to the system. Its that simple.
If you find the USBSTOR key already present in the Registry, a device has already been installed. To stop these devices from functioning, youll want to switch its value from 3 (in hexadecimal) to 4, as shown below. Dont forget that all the normal Registry warnings apply here back it up first, you do this at your own risk, your computer might explode, etc.
Now, its obvious that this manual method wont be of much help in very large environments, but it shows you how the mission is accomplished. If you want to go further with things, you could always create a fancy script to deploy these Registry and permission settings via a logon script or even Group Policy.