Enabling WPD devices to be managed at the capability level

What is claimed: 1. A method, implemented by a filter driver, for enabling a Windows Portable Devices (WPD) device to be managed at the capability level, the method comprising: receiving, at the filter driver that is loaded in a device stack for the WPD device, a WPD command that was initiated by an application, the WPD command querying capabilities of the WPD device, the filter driver receiving the WPD command as the WPD command is passed down the device stack for the WPD device; passing the WPD command down the device stack; receiving, at the filter driver, a list that is generated in response to the WPD command, the filter driver receiving the list as the list is passed up the device stack for the WPD device; accessing an applicable policy; determining that the applicable policy indicates that a first capability of the WPD device should be blocked; determining that a first item in the list pertains to the first capability of the WPD device; modifying the list prior to passing the list up the device stack by removing the first item from the list; and passing the modified list with the first item removed to a higher level driver to thereby prevent the application that initiated the WPD command from being notified of the first capability of the WPD device. 2. The method of claim 1 , wherein the filter driver is a kernel-mode filter driver. 3. The method of claim 1 , wherein the filter driver is loaded in the device stack above a WPD class driver. 4. The method of claim 3 , wherein the WPD class driver is a Media Transfer Protocol (MTP) driver. 5. The method of claim 1 , wherein passing the list to the higher level driver comprises passing the list to a WPD driver. 6. The method of claim 1 , wherein the list contains one or more identifiers of functional objects of the WPD device such that the first item is an identifier of a first functional object. 7. The method of claim 1 , wherein the list contains commands supported by a WPD class driver of the WPD device such that the first item is a first command pertaining to the first capability. 8. The method of claim 7 , wherein the list contains multiple commands pertaining to the first capability, the method comprising: removing each command pertaining to the first capability from the list. 9. The method of claim 1 , wherein the list contains options for a command supported by a WPD class driver of the WPD device such that the first item is a first option of the command and the command pertains to the first capability. 10. The method of claim 9 , wherein the list contains multiple options for the command, the method comprising: removing each option for the command. 11. The method of claim 1 , wherein the list contains identifiers of capabilities of the WPD device, the method further comprising: determining that the list is empty after removing the first item; and in response, causing initialization of the WPD device to fail. 12. The method of claim 11 , wherein causing initialization of the WPD device to fail comprises failing the IRP_MN_START_DEVICE IRP. 13. The method of claim 1 , wherein the device stack includes a virtual bus driver that implements redirection of the WPD device. 14. One or more computer storage media storing computer executable instructions which when executed by one or more processors implement a method for managing a WPD device, the method comprising: receiving, at the filter driver that is loaded in a device stack for a WPD device, a request to list capabilities of the WPD device that was initiated by an application, the filter driver receiving the request as the request is passed down the device stack for the WPD device; passing the request down the device stack; intercepting, at the filter driver, a response to the request to list capabilities of the WPD device as the response is passed up the device stack for the WPD device; comparing each capability of the WPD device listed in the response to an applicable policy; modifying the response prior to passing the response up the device stack by, for each listed capability of the WPD device that the applicable policy indicates should be blocked, removing the capability from the response; and after removing at least one listed capability of the WPD device from the response, passing the modified response to a higher level driver to thereby prevent the application that initiated the request from being notified of any capability of the WPD device that the applicable policy indicates should be blocked. 15. The computer storage media of claim 14 , wherein the method further comprises: intercepting, at the filter driver, a response to a request to list commands supported by the WPD device; for each command that is associated with a capability that the applicable policy indicates should be blocked, removing the command from the response; and passing the response to the higher level driver. 16. The computer storage media of claim 14 , wherein the method further comprises: intercepting, at the filter driver, a response to a request to list options for a command supported by the WPD device; determining that the command pertains to a capability that the applicable policy indicates should be blocked; removing the options for the command from the list; and passing the list with the options for the command removed to the higher level driver. 17. The computer storage media of claim 14 , wherein the applicable policy indicates that a mass storage capability should be blocked. 18. The computer storage media of claim 14 , wherein the method further comprises: determining that the response no longer includes any capabilities; and preventing the WPD device from starting. 19. The computer storage media of claim 18 , wherein the filter driver is configured to be loaded in the device stack between a WPD class driver and a WPD driver. 20. A method for enabling a redirected Windows Portable Devices (WPD) device to be managed at the capability level, the method comprising: in response to the WPD device being connected to a client terminal that has established a remote session on a server, causing a filter driver to be loaded on a device stack on the server for the WPD device; intercepting, at the filter driver, a list of capabilities of the WPD device as the list is passed up the device stack for the WPD device; modifying the list by removing one or more capabilities of the WPD device that an applicable policy indicates should be blocked; and passing the modified list up the device stack to a WPD driver to thereby prevent an application that requested the list of capabilities from being notified of the one or more capabilities of the WPD device that the applicable policy indicates should be blocked.