Generally any tool you employ using software can be defeated with a simple use of any Live Linux Cd.

So I would:

* disable boot from CD (if I can boot from CD I can boot into alternative OS
and bypass security settings)

Instead of trying to block it, why not send out a memo with a new policy concerning those devices and then simple tell them that you will be monitoring USB port usage at random:

http://www.softek.co.uk/prod/sl/dlauditor.asp


That is a free tool to monitor the use. But I would first give the users the opportunity to do the correct thing via a memo.

If you really want a software solution:

http://www.softek.co.uk/quote.asp?pi...&p=dl&mm=trial

Not free above.


or

http://www.devicewall.com/pro/learn/...revention.html

Devicewall seems do tod what you want to a T... but again not free.

And this company:

http://www.horizondatasys.com/produc...tml?page_id=60

offers different price plans depending on need.

Or for a registry hack:


USB ports on desktop computers pose a security risk in many environments. This is because simply by inserting a USB flash drive or key into these ports, users can download sensitive files from their computers and transport them off site, possibly in contravention of your corporate security policy.

In Windows XP SP2 you can prevent this by making a registry tweak that makes any USB devices that are plugged into your machine read-only so users can't tranfser files to them. To do this, go to HKLM\System\CurrentControlSet\Control and create a new key named StorageDevicePolicies. Then within this key created a REG_DWORD value named WriteProtect and set it equal to 1.

If desired you could create a .reg file for this tweak and distribute it using a logon script, or you could create a custom ADM template for Group Policy that includes this new setting.
The windows shared Computing Toolkit also may allow you to limit USB access:
http://testing.onlytherightanswers.c...article&sid=38