
Is blocking USB a big thing?

Hello Fellas, 

Do you really think blocking USB is a big thing?

If yes, let me remind you that in the Windows world everything is in the registry, and if something is blocked, then the same registry setting can unlock it.

You can also block USB mass storage with Symantec Endpoint Protection, and it's even simpler than Group Policy: a few clicks of Next and you are good.


With Symantec Endpoint Protection you can block users from using USB pen drives while still allowing keyboards and mice.
1. In the SEPM, Under View Policies, select Application and Device Control
2. Right click the Application and Device Control Policy and select Edit.
3. Select the Device Control view.
4. Under the Blocked Devices section, click Add, select USB and click OK. (If Disk Drives isn't listed, it is already added as a Blocked Device).
5. Under Devices Excluded from Blocking, click Add.
6. Select Human Interface Devices and the devices to restrict one of its functions. Click OK.
7. Click OK to the Application and Device Control policy window and assign this policy to the client group.
Here are the reference articles: 
How to block USB hard drives in SEP, but allow reading specific USB drives in the SEPM Application and Device Control Policy
How to use Application and Device Control to block all USB devices except those I specifically want to allow

  
How to disable it in Windows.

Give Deny permissions to the following files:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf

Or

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor.
Change value to 4

Use GPO to target it to all computers.
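
Since the block is only a registry value and two file ACLs, any of which can be changed back, it helps to check that it is still in place. The PowerShell below is an added example, not part of the original post: the function name `Test-UsbStorageBlock` is hypothetical, and it assumes "Change value to 4" means the `Start` value under the usbstor service key (4 = disabled).

```powershell
# Added example: audit (and optionally re-apply) the USB storage block.
# Assumption: the value to set is "Start" under the usbstor service key
# (4 = Disabled; 3 = Manual, i.e. the driver loads when a drive is plugged in).
function Test-UsbStorageBlock {
    [CmdletBinding()]
    param([switch]$Enforce)   # put Start back to 4 if it has drifted (needs admin)

    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $files = 'Usbstor.inf', 'Usbstor.pnf' |
        ForEach-Object { Join-Path $env:SystemRoot "Inf\$_" }

    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    if ($Enforce -and (Test-Path $key) -and $start -ne 4) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
        $start = (Get-ItemProperty -Path $key -Name Start).Start
    }

    # For each driver file, collect the accounts that carry a Deny ACE.
    $fileStatus = foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $deny = @((Get-Acl -LiteralPath $f).Access |
                Where-Object { $_.AccessControlType -eq 'Deny' } |
                ForEach-Object { $_.IdentityReference.Value })
            [pscustomobject]@{ Path = $f; Present = $true; DenyFor = $deny }
        } else {
            [pscustomobject]@{ Path = $f; Present = $false; DenyFor = @() }
        }
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        StartValue     = $start
        DriverDisabled = ($start -eq 4)
        DriverFiles    = $fileStatus
    }
}

# Report only; add -Enforce from an elevated session to restore Start = 4.
Test-UsbStorageBlock | Format-List
```

Run on a schedule, the returned object shows any machine where `DriverDisabled` has flipped back to false or the Deny entries have been removed.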


