I have been fighting a battle with a computer lab that needed to have Administrator rights with all USB (thumb, flash, pen, keychain, insert you term here) drives that were inserted. I tried all information that I could find on the internet with no success. I finally found the culprit in an post here (thanks PiqueABoo from edugeek.net), corrupt crypto services. I just thought I'd pass on the info with all of the steps that I tried. My solution may not work for you, but it will stop you from having to look anywhere else for the other solutions that may work for you.
Microsoft KB 822798 Method 3 http://support.microsoft.com/kb/822798
Method 3: Rename the Catroot2 folder
Rename the Catroot2 folder (Windows XP and Windows Server 2003 only), and then try to install the program again.
Note Skip this method if the operating system is Windows 2000.
To rename the Catroot2 folder, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, and then press ENTER after each line:
net stop cryptsvc
net start cryptsvc
3. Remove all tmp*.cat files from the following folder:
Other Candidates (which all did not work, or I would not implement):
1. Give all users admin rights to the machine then create a GPO to take away access to sensitive/ problem areas (Hell no!)
2. Give users rights to (a) format/ eject media and/or (b) rights to install/ remove drivers (I highly do not recommend "b" for security reasons):
In a GPO change
a. Computer Configuration...Windows Settings...Security Settings...Local Policies/Security Options...Devices: Allowed to format and eject removable media to Administrators and Interactive Users
b. Computer Configuration...Windows Settings...Security Settings...Local Policies/ User Rights Assignment...Load and unload device drivers to give rights to group
3. Install third party software:
a. USBDLM - USB Drive Letter Manager www.uwe-sieber.de/usbdlm_e.html (great software to set USB drives to have the same drive letter every time a drive is plugged in, just doesn't fix this particular problem)
b. A great Autoit script named allow_usb_jump_drives (how appropriate_which needs admin rights to install btw) http://www.novell.com/coolsolutions/tools/16306.html (Thanks Jeremy Mlazovsky)
4. Change permissions on files associated with USB devices
Give users full rights to
a. USBSTOR.ini / .pny / .sys
5. Log on as admin and install every USB drive that you can get your hands on so that the drivers would be automatically loaded for users (yeah, right!)
Please add any other suggestions that you may have so that others may be able to more easily find this info.
P.S. Although I love reading about the differences between client side vs. server side installs for drivers as much as the next guy; unless you're going to give a clear concise answer as to how to fix the problem, please don't lecture.