USB "thumb drives" drive some security folks crazy because they're so small physically and so big storage-wise; what's to keep people from popping a USB drive into a USB slot, copying corporate data and walking out the door? For the USB-paranoid, SP2 includes an ability to let users read data from a USB drive, but not write data to that drive. It's a simple Registry change. First, create a whole new key: HKLMSystemCurrentControlSetControl StorageDevicePolicies. Then create a REG_DWORD entry in it called WriteProtect. Set it to 1 and you'll be able to read from USB drives but not write to them.