jruskey


GPO for Mass Storage Devices based on security groups

I have a client that needs to be able to set via a GPO the ability to block all mass storage USB devices to domain users, but allow to a specified AD Security Group. Can somebody point me in the direction to create this GPO? These are Windows 7 machines. Thanks in advance.
McKnife

Hi.

The policy section to use is shown here: http://technet.microsoft.com/en-us/library/cc730808(v=ws.10).aspx. As we can use security filtering, you can indeed apply this policy to a certain AD group only.
jruskey

ASKER

How do I apply this to just a certain AD Security Group? I know how to apply it to an OU, but not a security group.
Like I wrote: security filtering. Find it right in the security section in the properties of the GPO.
SOLUTION
Jaihunt

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
This solution is only available to members.
"You also need to give deny permission on usbstor.inf and usbstor.PNF to disable the USB else the disable policy will not work" - not really true. This section of the link you reference is talking about making it work for Windows 2000. Here, we have Win7 and the built-in policies can do it.
Also, it's no use to set it at the computer policy as it will affect all users.
jruskey

ASKER

I will be onsite and set this up next Tuesday.  So, basically from what I am reading, I should create a security group called 'No USB Access'.  Put my users that I don't want to have USB Access in that group.  Then create a User GPO blocking out USB access and apply it to that new security group I created.  Sound correct?  Based on what McKnife said, I want this as a user policy since a computer policy will block everybody regardless of security filter settings.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
jruskey

ASKER

This works.  However, I want to deny access to all but 6 users.  So, is there a way to reverse this and apply it to all domain users except allow it to a group called allowusbaccess?
jruskey

ASKER

Never mind - Figured this out. Applied it to the default authenticated users groups and security, but under the delegation tab, I added the allowusbaccess group and went into advanced settings and did an explicit deny on read. Thanks for your help.
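
The following read-only check is an added example, not part of the thread: it audits the security filtering described in the last post by listing which principals can read or apply the GPO and warning if the exempt group's Deny entry is missing. The GPO name `Block USB Storage` is an assumption; `allowusbaccess` is the group name from the thread.

```powershell
# Added example: read-only audit of a GPO's security filtering (changes nothing).
# Requires the RSAT GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy, ActiveDirectory

$GpoName     = 'Block USB Storage'   # assumed GPO name, not from the thread
$ExemptGroup = 'allowusbaccess'      # group name used in the thread

# Schema GUID of the "Apply Group Policy" extended right.
$ApplyRight = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$ADRights   = [System.DirectoryServices.ActiveDirectoryRights]
$SidType    = [System.Security.Principal.SecurityIdentifier]

$gpo       = Get-GPO -Name $GpoName -ErrorAction Stop
$exemptSid = (Get-ADGroup -Identity $ExemptGroup).SID
$authUsers = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'  # Authenticated Users

# Read the ACL of the GPO's AD object and flatten each ACE to what matters here.
$aces = foreach ($ace in (Get-Acl -Path "AD:\$($gpo.Path)").Access) {
    $rights = $ace.ActiveDirectoryRights
    [pscustomobject]@{
        Sid   = $ace.IdentityReference.Translate($SidType)
        Name  = $ace.IdentityReference.Value
        Type  = $ace.AccessControlType
        Read  = (($rights -band $ADRights::GenericRead) -eq $ADRights::GenericRead)
        Apply = ([bool]($rights -band $ADRights::ExtendedRight) -and
                 ($ace.ObjectType -eq $ApplyRight))
    }
}

# Show every ACE that affects whether the GPO is read or applied.
$aces | Where-Object { $_.Read -or $_.Apply } |
    Format-Table Name, Type, Read, Apply -AutoSize

# The GPO must be scoped to Authenticated Users ...
$scoped = $aces | Where-Object {
    $_.Sid -eq $authUsers -and $_.Type -eq 'Allow' -and $_.Apply
}
# ... and the exempt group must carry an explicit Deny on Read (or Apply).
$exempted = $aces | Where-Object {
    $_.Sid -eq $exemptSid -and $_.Type -eq 'Deny' -and ($_.Read -or $_.Apply)
}

if (-not $scoped) {
    Write-Warning "Authenticated Users lack Allow 'Apply Group Policy' on '$GpoName'."
}
if (-not $exempted) {
    Write-Warning "'$ExemptGroup' has no Deny on Read/Apply; the block still applies to its members."
}
```

Because the Deny entry overrides the Allow for Authenticated Users, membership of the exempt group decides who can use USB storage, so changes to that group are worth monitoring.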