There are several questions here about disabling USB storage in general via GPO but I can find no information on whether it is possible to add exceptions for specific devices. Put another way, can USB drive types that include builtin encryption be enabled but generic USB drives disabled?
This needs to work on Windows XP.
Checkpoint have a product that we use called Pointsec Protector. This does a whole load of policy enforcement for USB connections (and optionally CD/DVD too) which we use for our XP machines.
We use it to enforce that all company USB sticks are properly encrypted to a decent level (with decryption keys accessible by the helpdesk for when users forget their passwords). It also blocks all access to non-company approved USB devices and non-encrypted devices. All managed from a central server and console with a small client on every XP machine.