The security properties of bands in a band-managed storage device are modified with the IOCTL_EHSTOR_BANDMGMT_SET_BAND_SECURITY request.

Input Parameters

The buffer at Irp->AssociatedIrp.SystemBuffer must contain a SET_BAND_SECURITY_PARAMETERS structure followed by the AUTH_KEY and BAND_SECURITY_INFO structures. Parameters.DeviceIoControl.InputBufferLength indicates the size, in bytes, of the buffer, which must be at least sizeof (SET_BAND_SECURITY_PARAMETERS) + 2 * sizeof(AUTH_KEY) + sizeof(BAND_SECURITY_INFO) when all input structures are required.

If the AuthKeyOffset member of SET_BAND_SECURITY_PARAMETERS is set to EHSTOR_BANDMGR_NO_KEY, the input data in the system buffer need not include an AUTH_KEY structure. Also, if a new authentication key is not given, no updated key structure is included.

Output Parameters


I/O Status Block

One of the following values can be returned in the Status field.

Status ValueDescription
STATUS_SUCCESSSecurity properties for the band were changed.
STATUS_INVALID_DEVICE_REQUESTThe storage device does not support band management.
STATUS_INVALID_BUFFER_SIZEThe input buffer size is invalid.
STATUS_INVALID_PARAMETERInformation in the input buffer is invalid.
STATUS_NOT_FOUNDA band was not found for the selection criteria provided.
STATUS_ACCESS_DENIEDThe authentication key provided is not valid.
STATUS_IO_DEVICE_ERRORCommunication failed. The storage device might be incompatible with security protocols.



Read and write locking and unlocking for bands are set with this IOCTL in the BAND_SECURITY_INFO structure included as input in the system buffer.

Authentication key changes will not affect the lock state of the band. It is not necessary to unmount a volume to change an authentication key with this request.

When a band is unlocked, meaning either the Readlock or WriteLock members of BAND_SECURITY_INFO are FALSE, the silo driver will cache the provided authentication key if SETBANDSEC_AUTHKEY_CACHING_ENABLED is set in the Flags member of SET_BAND_SECURITY_PARAMETERS.

As a special case, this IOCTL can be used to notify the silo driver that a band was unlocked without the use of the locking members in BAND_SECURITY_INFO. To do this, the NewAuthKeyOffset member of SET_BAND_SECURITY_PARAMETERS is set to CurrentAuthKeyOffset with BandSecurityInfoOffset set to 0. In this case, no security changes occur, but the key provided at CurrentAuthKeyOffset is cached in memory, provided that SETBANDSEC_AUTHKEY_CACHING_ENABLED is set in Flags.

The changes made to the band table by this request are committed to the device atomically before the IOCTL request completes. Therefore, it is guaranteed that the band is modified with all of its properties set or no properties set at all should a system or power failure occur.



Available starting with Windows 8


EhStorBandMgmt.h (include EhStorBandMgmt.h)

See also




Send comments about this topic to Microsoft