DeviceLock

DeviceLock detects USB keyloggers to generate pop-up messages or even block keyboards connected to a keylogger. This feature allows administrators to securely allow all single-function USB mice and keyboards by their generic device class. DeviceLock also obfuscates PS/2 keyboard input and forces PS/2 keyloggers to record unintelligible text instead of the actual keystrokes.

DeviceLock’s content-aware rule templates are located under permissions for both devices and protocols.
ContentLock’s template-driven interface eases definition of content-aware filtering policies.

With NetworkLock, DeviceLock administrators can set user permissions for the network communications used for web mail, SMTP mail, social networking applications, instant messaging, file transfers, telnet sessions and more.

DeviceLock MMC snap-in to Group Policy Management:
DeviceLock administrators have full central control over access, audit, shadow, and content rules covering potential local data leakage channels across the entire Active Directory domain forest.

DeviceLock administrators can explicitly assign users and/or groups to USB device models or unique devices.
DeviceLock will only allow designated users to have access to these while blocking all other unlisted users and devices by default.
This is one method of enforcing the use of ONLY encrypted drives if you’ve standardized on particular USB device vendors.