Stopping Reading of I/O Devices on WinXP-SP1 System

We want to make the I/O devices, which include all USB connectors and the
CD/DVD drive, WRITE-ONLY, or rather that they can only read data from the
computer, and not be allowed to write to the system.  I think this can be
done, either using software or setting values in the Windows registry, but
I am not positive.

It would also be good if I can set up a script or use software that turns on
and off the ability to restore the 'I' in the I/O of these devices at will.  
(This program or script would not be known to anyone else.)


We have PCs that are connected to advanced scientific instruments (namely,
mass spectrometers).

The software that acquires the data (and also provides processing) is
validated for use on WinXP SP1.

Experience has repeatedly shown that attempting to use later Win sys
environment versions (service pack updates included) causes the application
software for the instruments to crash or have other problems.

Moreover, we cannot install anti-virus software either as this is not
validated and it seems to cause problems as well.

But we have users who need to get the data they acquired from the advanced

The problem is that too many of them stick in their virus/trojan/malware-
infected USB memory sticks to get it.  We can tell them to check their USB
stick drives in another machine with anti-virus software, but they don't
always do it (and they cannot be policed).  In addition they claim that they
have antivirus software on their own system and they believe in it (or why
would they use it?), although everyone uses a different antivirus app.

I have asked that a network be set up with these PCs to a central host with
a server that allows them to transfer data to the central host, and then
they can connect to the central host from their own computers and retrieve
the data.  But the pinheads put in charge of setting up networks either lack
the knowledge, ability or resources to set it up.

I want to set up this alternative.

