How to disable "safely remove hardware"

I have some windows 7 virtual machines in xen that have devices showing up in "safely remove hardware".

I don't want users to ever be able to remove/eject any hardware at all. I'm told vmware has a hotplug option. xen doesn't seem to provide this for pci passthrough devices, therefore I'm looking for a reliable solution to prevent users from ejecting devices.

This issue is not necessarily related just to virtual machines but seems to be a common problem with devices that get wrongly reported as removable. I'm ideally looking for a way to prevent all devices from appearing or just prevent the safely remove hardware option from ever coming up.

I've tried setting device capabilities for specific devices on boot with a script but this for some reason doesn't always seem to work reliably.

Is there a way to prevent this icon from appearing in the notification area completely, either by registry key or group policy?

I should point out that setting this in group policy to "Administrators" did not seem to work.

[Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options>evices:Allowed to format and eject removable media]

I think IconRemover does what you wish, by providing a GUI to the same registry changes.

To answer my question,

One way which seems possible is to write a vbscript which enumerates registry entries and updates the device capabilities for every device that we want to not appear. This has to be called on startup.

An extension to what is done here. http://forums.citrix.com/thread.jspa?threadID=295752

To pick up this dead question, setting the key

HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\Services

to 1d (hex) / 29 (dec) will do it, but you will need to rerun "systray" afterwards. This won't remove "Eject" from the context menu of drives in Explorer.