A. In a previous FAQ, I talked about setting USB devices to read-only by setting the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect to 1. To set from Group Policy, you need to create a custom administrative template file. Below is a template file in the ADM format.
CLASS MACHINE CATEGORY "USB Storage Devices" POLICY "Write Protect USB Storage" KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies" VALUENAME "WriteProtect" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORYImport the policy into a Group Policy Object (GPO) and you will be able to configure the setting as the Figure shows. To view, make sure you don't have Filter On enabled in Windows Server 2008 or disable the "Only show policy settings that can be fully managed" option in pre-2008 GPO editors.