Disabling USB storage device in windows during transferring data to PC-CodePudding

I had used the following code to disable the USB drive in Windows but it does not work while transferring the data from USB to PC. I am requesting suggestion from you for any other alternative to disable the device during this scenario.

if (SetupDiSetClassInstallParams(m_hDevInfo, &spdd, (SP_CLASSINSTALL_HEADER*)&spPropChangeParams, sizeof(SP_PROPCHANGE_PARAMS)) == FALSE)
{
    printf("Not able to manage the status of the device.SetupDiSetClassInstallParams Failed at ErrorCode - %ld\n", GetLastError());
    writeLog("err", "Not able to manage the status of the device.SetupDiSetClassInstallParams Failed");
}
else if (!SetupDiCallClassInstaller(DIF_PROPERTYCHANGE, m_hDevInfo, &spdd))
{
    DWORD error = GetLastError();
    printf("Not able to manage the status of the device.SetupDiCallClassInstaller API Failed at Errorcode - %ld\n", error);
    
    writeLog("err", "Not able to manage the status of the device.SetupDiCallClassInstaller API Failed", error);
    {
        if (error == 13)
        {
            for (int i = 0; i < 100; i  )
            {
                writeLog("war", "Retrying");
                if (SetupDiCallClassInstaller(DIF_PROPERTYCHANGE, m_hDevInfo, &spdd))
                {
                    printf("retry succeeded for disabling device\n");
                    writeLog("suc", "Retry succeeded for disabling device", GetLastError());
                    break;
                }
                printf("retry failed for disabling device\n");
                writeLog("err", "Retry failed for disabling device");
                Sleep(20);
            }
        }
    }
}

CodePudding user response：

Just try to enable Edit group policy in Administrative Template/System/Removable Storage Access/Removable Disks: Deny read Access manually. Or you can use Group API using program (https://learn.microsoft.com/en-us/windows/win32/api/_policy/).

you can refer the below code for disabling the read access.

int denyRead(DWORD val)
{
    HKEY key;
    HKEY pol;
    //DWORD val = 1;
    DWORD disp = 0;
    GUID ext = REGISTRY_EXTENSION_GUID;
    CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    CComPtr<IGroupPolicyObject> lgp;
    HRESULT hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER, IID_IGroupPolicyObject, (LPVOID*)&lgp);
    if (SUCCEEDED(lgp->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY)))
    {
        if (SUCCEEDED(lgp->GetRegistryKey(GPO_SECTION_MACHINE, &key)))
        {
            //All Removable Storage classes: Deny All access
            RegCreateKeyExW(key, L"SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_QUERY_VALUE, NULL, &pol, &disp);
            RegSetValueEx(pol, L"Deny_All", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            RegCreateKeyExW(key, L"SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_QUERY_VALUE, NULL, &pol, &disp);
            //Removable Disks: Deny write access
            RegSetValueEx(pol, L"Deny_Write", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            //Removable Disks: Deny read access
            RegSetValueEx(pol, L"Deny_Read", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            //Removable Disks: Deny execute access
            RegSetValueEx(pol, L"Deny_Execute", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            RegCloseKey(key);
            hr = lgp->Save(TRUE, TRUE, &ext, const_cast<GUID*>(&CLSID_GPESnapIn));
            _com_error err(hr);
            wprintf(L"%s", err.ErrorMessage());
        }
    }
    lgp.Release();
    CoUninitialize();
    Sleep(1000);
    return 0;
}