Did you know you can disable the use of USB storage devices in Windows?

Well, to be honest, the only way to really stop the use of external storage devices is to whip out your epoxy and fill all the external ports on a machine.

Any policy that is locally enforced is a policy that can be bypassed by an attacker with local administrative privileges or physical access.

Plus, if the definition of an attacker also includes the authorized user of the machine, there are vectors that do not involve physical media that can *and will* be used (email, IM, web, etc.) to get the data off the machine.

With that being said, it is actually possible to disable the use of USB storage devices in Windows. I know a few companies who actually do this when paired with Extrusion Prevention Systems and/or Information Rights Management (IRM) systems. (It's important to note such systems are best effort also; I suppose information does want to be free??)

The mechanism I am speaking about is documented in KB823732. It is supported as of XP SP2, and once it is set the devices function as read-only devices.

People should think carefully before deploying such a policy: there are plenty of legitimate reasons to use USB drives, and this and settings like it don't differentiate by use case.
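A read-only check of the registry state behind this kind of policy, as an added example that is not from the original post. It assumes the read-only mechanism is the `WriteProtect` value under `StorageDevicePolicies` and also reports the `USBSTOR` service `Start` value; the function names are made up for the illustration. Because a local administrator can revert either value, running it on a schedule shows when a machine has drifted from the policy.

```powershell
# Added example: report the two registry controls for USB storage.
# It only reads the registry and changes nothing.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-UsbStoragePolicy {
    # Assumption: these are the keys behind the policy the post describes.
    $wpPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
    $svcPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

    $writeProtect = Get-RegDword -Path $wpPath  -Name 'WriteProtect'
    $start        = Get-RegDword -Path $svcPath -Name 'Start'

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WriteProtect   = $writeProtect            # 1 = USB storage is read-only
        ReadOnly       = ($writeProtect -eq 1)    # absent value counts as not set
        UsbStorStart   = $start                   # 3 = load on demand, 4 = disabled
        DriverDisabled = ($start -eq 4)
        CheckedAt      = Get-Date
    }
}

$state = Get-UsbStoragePolicy
$state | Format-List

# Flag machines where neither control is in effect, e.g. after a local
# administrator has reverted the setting.
if (-not ($state.ReadOnly -or $state.DriverDisabled)) {
    Write-Warning 'USB storage is neither read-only nor disabled on this machine.'
}
```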

Posted on Thursday, November 13, 2008 2:28 AM
