I wrote a script for disabling USB storage devices that have been used on the machine before as well as for any new ones - for good measure I have added disabling the CD Rom drive as well. This scrip applies to all "Domain Users" but you can change it to work for any user or user group in steps 2 and 3 if you like. I have added in the KBs I used for creating the script. I have it as a daily recurring script just in case.. You will also see the steps how to reverse it as well.
I have tested this on Windows XP, Vista and Windows 7
Just import this into you Kaseya scripts:
Script Name: USB_Storage_and_CDrom_Disable
Script Description: Script for disabling the Mass Storage devices and CD-Rom functions on Windows machines belonging to a Domain.
To enable mass storage again set the hex value in step1 from 4 to 3 and in steps 3 and 4 change the "domain users":N to "domain users":R
To enable CD-Rom, change the hex value 1 in step 4.
Set Registry Value
Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor\Start
Parameter 2 : 4
Parameter 3 : REG_SZ
OS Type : 0
Execute Shell Command
Parameter 1 : CACLS %SystemRoot%\Inf\USBSTOR.INF /e /p "domain users":N
Parameter 2 : 1
Parameter 1 : CACLS %SystemRoot%\Inf\USBSTOR.PNF /e /p "domain users":N
Parameter 1 : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Start
Parameter 2 : 0