Controlling USB Read/Write Access

I am just looking for confirmation if I am on the right path.
I wish to control user access to USB mass storage read/write access.

The way I understand to go about this is to create a lower filter to disk.sys and fail the IRP_MJ_READ/WRITE IRP calls to the USB disks?

Is this the correct way to do this or is it something much simpler than that?

Thank you.

This is an incorrect way for fine-grained read/write control.

  • There is no valid user context for this operation. The user context is arbitrary at this level of the storage stack; for 80% of operations this is a System context.
  • If read/write fails at the disk level, the mounted file system driver stops functioning normally. This results in a bad user experience: applications crash, Explorer hangs, and a “delayed write failed” balloon is shown.

Use a file system filter to control access at the file system level.
Anticipating a question about direct disk I/O: direct disk opening is performed via the RAW file system, so a file system filter works for this case.
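
Added example, not part of the thread and not code from either poster: the allow/deny decision a file system filter could make when a file is opened on a USB volume, written as portable C so it runs outside the kernel. The function names and the `volume_is_usb` / `user_may_write` inputs are hypothetical; the constants are constructed stand-ins whose values match the Windows headers.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-ins for building outside the WDK; values match the Windows headers. */
#ifndef FILE_WRITE_DATA
#define FILE_WRITE_DATA       0x00000002u
#define FILE_APPEND_DATA      0x00000004u
#define FILE_WRITE_EA         0x00000010u
#define FILE_WRITE_ATTRIBUTES 0x00000100u
#define DELETE                0x00010000u
#define WRITE_DAC             0x00040000u
#define WRITE_OWNER           0x00080000u
#define GENERIC_ALL           0x10000000u
#define GENERIC_WRITE         0x40000000u
#define FILE_OPEN             1u  /* open existing only; other dispositions may create or truncate */
#define FILE_OVERWRITE_IF     5u
#define FILE_DELETE_ON_CLOSE  0x00001000u
#define STATUS_SUCCESS        0x00000000u
#define STATUS_ACCESS_DENIED  0xC0000022u
#endif

#define WRITE_ACCESS_BITS (FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_EA | \
                           FILE_WRITE_ATTRIBUTES | DELETE | WRITE_DAC |         \
                           WRITE_OWNER | GENERIC_WRITE | GENERIC_ALL)

/* Hypothetical helper: true if this open could modify the volume. */
bool open_needs_write(uint32_t desired_access, uint32_t disposition,
                      uint32_t create_options)
{
    if (desired_access & WRITE_ACCESS_BITS)
        return true;   /* caller asked for a modifying right */
    if (disposition != FILE_OPEN)
        return true;   /* conservative: may create, supersede or truncate */
    if (create_options & FILE_DELETE_ON_CLOSE)
        return true;   /* file would be removed when the handle closes */
    return false;
}

/* Hypothetical policy: status a create (open) pre-operation check would return.
 * volume_is_usb and user_may_write are assumed to be resolved by the caller. */
uint32_t precreate_decision(bool volume_is_usb, bool user_may_write,
                            uint32_t desired_access, uint32_t disposition,
                            uint32_t create_options)
{
    if (!volume_is_usb || user_may_write)
        return STATUS_SUCCESS;
    return open_needs_write(desired_access, disposition, create_options)
               ? STATUS_ACCESS_DENIED : STATUS_SUCCESS;
}
```

Refusing the open itself means the application receives an ordinary access-denied error, rather than the file system seeing failed disk I/O after the fact.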