There are two rules created by default in SEP12.1 for the purposes of blocking write attempts to USB storage (see attached screenshot).
All you have to do is:
- Create a test group
- Create an Application and Device Control policy with the screenshotted rules ticked
- Assign this policy to the test group
- Move test clients into the test group
Thats pretty much it. Just make sure your test clients have the Application and Device Control component installed and you're set for testing.
Just in case your test clients don't currently have the A&DC component installed, here's an article on how to change the feature sets of clients from the SEPM:
http://www.symantec.com/docs/TECH203923