Can't any spare USB ports be locked via a server policy on a network, or disabled via User policies or something like that if the concern is so high.

I did the IT for a small publisher for a year and a half, being the only IT guy there with two servers and 40 odd computers and little experience, and full admin access, I spent my time learning as much as I could about NT Server, and I remember learning about security logs letting you know who was logging on and the like, so I am sure that it would not actually be that much of a problem to have it so that devices installed as a logable event and you would have thought that if you are not letting anyone plug anything in anyway, it is hardly going to clog up the logs every day.

JFornonnyd