Blocking Access to USB Drives

Blocking access to USB storage devices is done in one of two ways. The first procedure is for systems that have not had a USB storage device installed yet, and the second for ones where a USB device has already been installed.

On Windows XP systems, the easiest way to check whether a USB storage device has already been installed is to fire up Regedit and browse to HKLM\SYSTEM\CurrentControlSet\Services. If you find a “key” (folder) here named USBSTOR, a USB storage device has already been installed.

Assuming that one hasn’t been installed, disabling future installations is quite simple. Just browse to the %systemroot%\inf folder and look for two files: usbstor.inf and usbstor.pnf.

To stop users from installing USB storage devices, open the Properties of each of these files, go to the Security tab, and Deny the Full Control permission to the users or groups that you don’t want to be able to attach a USB drive to the system. It’s that simple.

If you find the USBSTOR key already present in the Registry, a device has already been installed. To stop these devices from functioning, you’ll want to switch its value from 3 (in hexadecimal) to 4, as shown below.

To go further with things, you could create a script to deploy these Registry and permission settings via a logon script or even Group Policy.
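
One way to script both procedures for deployment (an added example, not part of the original article). It assumes PowerShell is available and the script runs elevated; the group name CONTOSO\NoUsbStorage and the -AuditOnly switch are hypothetical, and Start is the name of the value under the USBSTOR key that holds the 3/4 setting.

```powershell
# Added example: applies the article's two procedures from one script.
# Run elevated. The default group name is a placeholder, not a real group.
param(
    [string]$DenyGroup = 'CONTOSO\NoUsbStorage',   # hypothetical group to block
    [switch]$AuditOnly                             # report state, change nothing
)

$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$infFiles = 'usbstor.inf', 'usbstor.pnf' |
            ForEach-Object { Join-Path $env:SystemRoot "inf\$_" }

if (Test-Path $svcKey) {
    # A USB storage device has already been installed: the USBSTOR key exists.
    $start = (Get-ItemProperty -Path $svcKey -Name Start).Start
    Write-Output "USBSTOR key present, Start = $start"
    if (-not $AuditOnly -and $start -ne 4) {
        # 3 = start on demand, 4 = disabled
        Set-ItemProperty -Path $svcKey -Name Start -Value ([int]4)
        Write-Output 'Start changed to 4 (driver disabled)'
    }
}
else {
    # No USB storage device installed yet: deny access to the driver setup files.
    Write-Output 'USBSTOR key absent'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $DenyGroup, 'FullControl', 'Deny')
    foreach ($file in $infFiles) {
        if (-not (Test-Path $file)) {
            Write-Warning "$file not found, skipping"
            continue
        }
        $acl = Get-Acl -Path $file
        if ($AuditOnly) {
            # Show any Deny entries already on the file.
            $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            Write-Output "$file : $($deny.Count) Deny entries"
            $deny | ForEach-Object { "  $($_.IdentityReference) $($_.FileSystemRights)" }
            continue
        }
        # AddAccessRule merges with an identical existing entry, so reruns are safe.
        $acl.AddAccessRule($rule)
        Set-Acl -Path $file -AclObject $acl
        Write-Output "Deny Full Control for $DenyGroup set on $file"
    }
}
```

Running it with -AuditOnly first shows which of the two cases a machine falls into before anything is changed.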