Use the following procedure to disable USB drives permanently.
1. Go to start >> run >> regedit and navigate to HKEY_LOCAL_MACHINE\system\currentcontrolset\services\USBstor.
2. Change the value of the REG_DWORD “Start” from Value Data 3 to 4. If the value is 4 then the device is disabled. If its 3 then USB drive can be used.
3. The next thing to do is to change the permisions on the USBSTOR key. You need to DENY full control on the group on which the user is present. DON”T DENY ACCESS TO YOURSELF or else you will not be able to set it back.
4. Select the registry key “Start” and select ‘Permissions’ from the Edit menu. Check the “Deny” checkboxes and click apply. A mesage box wil pop-up telling you about “deny” getting precedence over allow, etc. Read it for your information and click OK.
5. What will now happen:-
If a user tries to use a previously installed drive the device will be blocked and nothing will happen, no prompts, nothing. This is accomplished through step 1, the dword value.
What happens if a user plugs in a “New” device that was not previously installed, the hardware wizard will run, asking for the location of drivers. Regardless of whether a user selects the “automatically” search and install or if they attempt to manually install 3rd party drivers, the HW wizard will prompt the user that “access is denied” once the drivers are selected. This is the result of step 2, denying “system”.
If anyone asks you how you came to know of this, say, “There are some things which can be learnt only in PICT”.
(For preparing this, i was helped by Chinmay Limaye.)
In case of any issues feel free to comment / contact.
Use of this should be done for ‘constructive’ purposes.