如何使用C＃限制对USB驱动器的访问？

Question

I'm working on an application that needs to temporarily put a machine into a restricted, kiosk-like state. One of the things I need to block is access to attached USB drives. Is there any way to do this, via C#, other than messing with Windows group policy? (That approach is covered by my other SO question on this topic )

I realize there might be security implications of this, and I might need admin rights to the box, and that's OK. At this point I just need pointed in the right direction to continue my research.

Update:

I'm targeting Windows XP for this. Vista support would be nice, but not required. ideally I would only block USB drives plugged in after my app starts up, but it's acceptable to block ALL USB drive access.

This application will be run on machines I do not control. Basically my app gets installed, creating a restricted sandbox. The user then logs into my app, performs some timed actions, and then logs out. My app is them removed, restoring the PC to its prior state. I'm looking for a code-based solution that enables me to make the fewest number of assumptions about the pre-existing environment, up to and including the assumption that I can access the BIOS.

Answer 1

You can do this by modifying the registry.

using Microsoft.Win32;
RegistryKey key;
key = Registry.LocalMachine.OpenSubKey
         ("SYSTEM\\CurrentControlSet\\Services\\UsbStor");
key.SetValue("Start", 4, RegistryValueKind.DWord);  //disables usb drives
key.SetValue("Start", 3, RegistryValueKind.DWord);  //enables usb again

http://support.microsoft.com/kb/823732

Any devices already connected will remain there, but no new usb drives plugged in will be automatically mounted.