From 87cfa2d79151477f1718894456b9db6d19f415b8 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Fri, 27 Dec 2024 09:43:01 +0000
Subject: [PATCH] feat: support windows host-process deployment

---
 Makefile                                      |  23 ++
 charts/latest/csi-driver-smb-v0.0.0.tgz       | Bin 5265 -> 5634 bytes
 .../csi-smb-node-windows-hostprocess.yaml     | 124 +++++++++
 charts/latest/csi-driver-smb/values.yaml      |   1 +
 cmd/smbplugin/Dockerfile.WindowsHostProcess   |  24 ++
 cmd/smbplugin/main.go                         |   1 +
 .../safe_mounter_host_process_windows.go      | 247 ++++++++++++++++++
 pkg/mounter/safe_mounter_unix.go              |   2 +-
 pkg/mounter/safe_mounter_unix_test.go         |   2 +-
 pkg/mounter/safe_mounter_windows.go           |  11 +-
 pkg/os/filesystem/filesystem.go               | 166 ++++++++++++
 pkg/os/smb/smb.go                             | 113 ++++++++
 pkg/os/smb/smb_test.go                        |  59 +++++
 pkg/smb/fake_mounter.go                       |   2 +-
 pkg/smb/smb.go                                |   5 +-
 pkg/util/util.go                              |  19 ++
 16 files changed, 793 insertions(+), 6 deletions(-)
 create mode 100644 charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml
 create mode 100644 cmd/smbplugin/Dockerfile.WindowsHostProcess
 create mode 100644 pkg/mounter/safe_mounter_host_process_windows.go
 create mode 100644 pkg/os/filesystem/filesystem.go
 create mode 100644 pkg/os/smb/smb.go
 create mode 100644 pkg/os/smb/smb_test.go

diff --git a/Makefile b/Makefile
index 36da33ee4c3..6002646be0e 100644
--- a/Makefile
+++ b/Makefile
@@ -102,11 +102,16 @@ e2e-test:
 
 .PHONY: e2e-bootstrap
 e2e-bootstrap: install-helm
+ifdef WINDOWS_USE_HOST_PROCESS_CONTAINERS
+	(docker pull $(IMAGE_TAG) && docker pull $(IMAGE_TAG)-windows-hp) || make container-all push-manifest
+else
 	docker pull $(IMAGE_TAG) || make container-all push-manifest
+endif
 ifdef TEST_WINDOWS
 	helm upgrade csi-driver-smb charts/$(VERSION)/csi-driver-smb --namespace kube-system --wait --timeout=15m -v=5 --debug --install \
 		${E2E_HELM_OPTIONS} \
 		--set windows.enabled=true \
+		--set windows.useHostProcessContainers=${WINDOWS_USE_HOST_PROCESS_CONTAINERS} \
 		--set linux.enabled=false \
 		--set controller.replicas=1 \
 		--set controller.logLevel=6 \
@@ -162,6 +167,24 @@ container-windows:
 		 -t $(IMAGE_TAG)-windows-$(OSVERSION)-$(ARCH) --build-arg OSVERSION=$(OSVERSION) \
 		--provenance=false --sbom=false \
 		 --build-arg ARCH=$(ARCH) -f ./cmd/smbplugin/Dockerfile.Windows .
+# workaround: only build hostprocess image once
+ifdef WINDOWS_USE_HOST_PROCESS_CONTAINERS
+ifeq ($(OSVERSION),ltsc2022)
+	$(MAKE) container-windows-hostprocess
+	$(MAKE) container-windows-hostprocess-latest
+endif
+endif
+
+# Set --provenance=false to not generate the provenance (which is what causes the multi-platform index to be generated, even for a single platform).
+.PHONY: container-windows-hostprocess
+container-windows-hostprocess:
+	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" --provenance=false --sbom=false \
+		-t $(IMAGE_TAG)-windows-hp -f ./cmd/smbplugin/Dockerfile.WindowsHostProcess .
+
+.PHONY: container-windows-hostprocess-latest
+container-windows-hostprocess-latest:
+	docker buildx build --pull --output=type=$(OUTPUT_TYPE) --platform="windows/$(ARCH)" --provenance=false --sbom=false \
+		-t $(IMAGE_TAG_LATEST)-windows-hp -f ./cmd/smbplugin/Dockerfile.WindowsHostProcess .
 
 .PHONY: container-all
 container-all: smb-windows
diff --git a/charts/latest/csi-driver-smb-v0.0.0.tgz b/charts/latest/csi-driver-smb-v0.0.0.tgz
index e310443510541022dfa203a09c444b6ccdd6a180..87fe3c8272a6b9a915ce0c342ba0d07fb2c27a2c 100644
GIT binary patch
delta 5606
zcmV<C6&dQ0DS|AJJb(Ld+qTyG*+BmX!X2>gew812b)SL!&?eayY)yhV-NkToQP9$f
z%`cLuOHxj}EdTolKJ=z+`H?j3wSYFZM4m&D=Y0-omlMZhWD3mT!KiyQ!Ax{!IPkyQ
z+|}##dIx)Z>Tj>tEC22F4|cxm@4egI-FvsY(|h+_ufNyZ?SFlTdK(-=?G<x@*>}CQ
zag|^0E4gq){s6`a4F_o2Z{a9Pzxr4J7cCFC%Sa^Dz2V0X=xBI~jupwE8_Ljc@d#K5
z0(dLL0Sr))q*~Jye6Q2%^jcr~jkj0+D)Ijm`!Vnh3xN6j-|x%MCH~*pf4AlT=eS6K
z$1rFiG{PJ%A%CI+#9&OgV6)EcPrO5Dmy@x>1!Z^)ErfV5lFbof5K&G9WwQYqyG*vc
z{fRqV;4uluPOev%2cyW3$0Sr81s)HOi$lz2>U$LX{sr}kI~$<Wn=>jd7;p$h3rSIO
z!RVAo0RpUww=2mv%35Ubr~93Lr`G`fC2;bW4fdRAP=9Ed?wCW_@AP*T<MhcCLg4&@
z(Ggf)DR~~r=Q-#*o&Mfp=ppq$3+GEceq1+gvSq^hENNTB*WhhjP9jF{XBL{67@|n^
zgQN+r=JAe%9=+qq^4-shv)I|0kG92uO^FNdU6;n8khon2Sik@Y76W>X{yBkAeSV8f
zTZDCEj(_fm@1qfzE}l|iGa7f$5Cjqw-C&;sA~*6Ty2GKm8FP@|8KQS#N8+QQVAS`4
zX@$pwk(1qXI5umMJyr9~ajV5f*ewrPwpPkhYRr~il|lYy$K}LOVykrnSj0>b4}^H+
z!!IEIpne>{P+-9g$X0HQDX8jLTWZ;S;$l8P{eKohUdWSKKk{QPfc;Du7yl$;@+;-y
z3<N^25uRe=OWa87i~%}^8yx%MZC$V8gBC&o2u56fL75n!o&P=9+q1LB1h6kASu;r;
zEDq1Zk63~m=oL$D9_cr`@No#)BcG0chbj02wBJJLj<Q=4jz3C*I3{d>+FcPuZ8a5~
z#(&HOu2I_rkQ`$`1W&%n7YP)}@AY~giMh+*KQZupD>sS<sNV}J-FA{*WpVU$m@Kng
zkF38YvQ%Z%qu5ys1-`i<ArZ3ydU!N^Hv}JCL7BNFs1FQF8`gkz&@IdcsI9n?Q6D;)
zoRU&2P^8s17-=MXOK9zrd%^`z9>C2FxPM}R+Glj=PQZ(OXg7jy_%D)F`s7%g4WT(=
zL=YGI?>&!({5<q$tHEq3$tWcNzW)@al0=K2BBwSG2fGa@pyiV=zRv`vmx^7FpA`h7
z?229^4?{ph4noPz=ah<a1$__$)SY71^~tDf?#O3sw10%%2^<rqUQVt`TMjq*u79-I
zEwB+V%B70&AQS}q$d%pRA_yWeLtHQtj!^(O<jB(_d{f5PO~7=2G^j5a+>m>NGE!gG
zz$YQP?&lxv>}jQ_l5~DnDOPJ)eYJwKWz4VwTWIU&HTo3#z`3%4u+IQ{Gc>`TWD}$;
zHbg=$u<wKS78y95#2D-tXot!gBY#|tj4<$8NE%X-@-G;5fpe*>F$sb3OjX-BQd*2Q
zu1uNbhoiyu6tioejIPbi9~8j^bPB_dA3owJBH{QrmW22z43yoN$bh-pp(Ii%UsaB-
zMZEhfE%V+w#JeWSrz2j2qUd^52soiRX~`!9Y8pwB)Xu>u7AU|o=?<jyjDG?g#@P2~
z2>YBW;CYf%IP2)KNK0B7RkV|00;cWp_SqGB|LN-2^UKq#Kd-Nce-5usKDN^}OO=?J
zgm#4(2g%E|T5ik*4SvTX@HOt&uhEgT@m)C_L~jrdLn`#(q*H@EPyO+IBqo3&>hV@Y
zz4uuwI~ZS~m;<3W2C2@a+kcEOx?qGdB4$TE<_Z9WJZ8qVlD!d+*_2En<rc&zlnFcr
zE<rK48K8*}5g&BB#kugP%ca5NLL}6O8#0ddN^~RYIgvr_L=2=>lJ{Ftemr`O`HTw)
z99L^)$2B&O#6AQ!maUcd2loPv<w)g=(<q`$#B!14Td_D)ZIoz3n17>?hKy2yMl-}g
z2&oJ);s)H2h9)tLW(e+a5cz-x@_VVt06j?9@A)S#{hofW*GG>nOCt`hOM~cw(HkNS
zs|PWQV1O>;P>=wOP4b8yTc!A)fFM$F-|pG@)yc3U?#22srbY4p-M!sX{BM7McXu2A
zdyeaB0xF<C{P-aW>VFfC#)d{ch<rK&#p8-a4Oetptt*P$3AnfA-kOO87BPQ|A|EgZ
zNwR~M(blf;k>g0=$0O{*;ll&!T!L!XIZN)M$45B^4a{-4k%EV997QF4EFo2ZpvT8H
za-2IX+{rfKFz>46|IZWfBVfEEqIFXN3;4gkf6y=S|H0nQHh=#AEZ4(B_aA6Vf`Qaa
zNGc1dDGmcUE$##c=pWt3$5u-<JGqZ==qY_CxlURF^0TXQ#;V=JgCpHL5&~-TVAPS#
z+Q`YCNVS7HI?JpWweyG0ILVghQ(%mEfc}=&S?HpJUG<R!!}vz}nr$Zo2BD`u>!BHo
zL^`7r@Po|OMt|0E>E;@k{wxiws&G*@VdzRb%_d^3eF7ZfF?h~sR_Zl0f#|x9#vpun
zKnWM-C$Ur8FHNv2Y<h0rr+Hk{P0mV(Pr7Qc3Qf(+IN6<~=ie$YEX8sAf7+=1xou#{
z*(5jV(&f!gq$V2)`X>&2dyBsj2|Wk}+ELT5!O7LME`Mwk`@Xbh7zn+*saaLCw6eoc
zx6g<rH(HhOy2u(ywB>sP)rsM740HQQM^UeuoV@%C*gwkQd})R+UA6MR;OZ#nY2~Ew
z0{Oq&dsmYGJH5UB-d6rU$5rBvx=7CB<Ez#!3B3V2Rxa-l#H&`mb_7Qe?@s%#S^)^`
zVSxv)(tn(jWR5!c+OtLyzHYAUKi$V>7QT|=g@mpjdnH-k$x9a5kVoLEQN)pl1q=nl
z0>(3S3n4~*pM>L2>Y2G$4M^vPu3|yO=VsUl8Sg3&Qa(uRRs%ke=BROv6NEU5mYAS~
zJrjW0TsN4NgLJsdBSy%~rlglUA}00yasiMW!hd{N<W*ipWaInEEN>z<ldfg=HhTwy
z`#ehEqV$?%F-9Hc%RfwA=(C0NnM7*P-{?Ov70NS7KuvT6|BkZTB921jrpcV;J0wKj
zWP&P?6_F<4rraE+5vV2S-Vz_l%~s`UZk7@VO2FhPv!I}B$TL&&xkYtyDQq=uuM*up
z!GBz*CQ!TEE^6#-j<ec?0v{lxOJKA~ROp(N#GuE=$}>CIL47-c$I^T<lk9V7I*K(h
z6_ztabdf8qsE3plU=+y1kzc;F;@Vytx#rq`#X^yl4ZsEUfBU=d4$Ai5{?4}k_gOB-
zaT3E$#rgsWh0U<b>^hrSmm`u;8x75@xqqg{oVMkpMU@zFd9w?2B~_u2$v(K`xgH=d
zBv<m*S&eaKea+M+E1G0YEwWmJ%!(|hQ!}GIO}He!X371|p8t))oWd`_%eksW(79|-
z)+d)p8dx0uQn!Mck#~$!!%}^ET`l0!8Dz@x^<L&)=+BVAx4=!lRSr9~d<aJ&6@Q4U
zs)=;Mj9J0a8xi>hRhygaob}X3ogZ})I5EzyfCapr%|pcivjZwyVQKFgQ>;~4m-MTt
zO{C09-{twMZKS8Nc4XRyeP6kY(zL41q?`OU3CE}7kfyg!?!k@Kj)7dyqFt<JviMk<
zc!~>8?jr`AXZiU2RgON*dHWoRXMY$}X1`IvRHbu1=dV-#*3m)eSuigccWFTyk60I~
ztv}Qfty#Pqb3a!IWoMwYK?bW>uUqjWijQ-!G6=<F_&l~N`BL@%PFWDitDIgRAXPY4
zCwUhx;`~(`pmw_~gwxKeyIw8pSW9knesRj_<EjcNceW~$k{YR7pkjc)5`Q09X33Uv
zFRR{VopYIPC}`$k=4ynCZrTRi%v#u17ck%2ID&bPv!TPeA)H0tLI|^QNuWEZ?Mx4M
z+LfD*TnOxWQV$${|K|Pi@#V>I_@kwv57-0dfT>Se+@eA9*#ZRa1;dWEG@ZoCQ>KWe
zu_@4Z#?qBK{FR23UHowgu78h7pk-rSPX>a`91;p(Q|vndzCYaU1^I>$PRnzsN!QF#
zNzSV}RK4Xx{_Ak+-Yy#r$S-gqCXfR(Rr?QAMSW$BRkhs(785;=(g@8S2kPE}a6G~a
z#zs;yXA?>V!`?J34L2vK`a8t|m&IOTR1C0p9{RIOO2yB_2VE3Y(0_yaa&d%5#3zD4
z#a8hcjj9&T``>@JN}XgsQ8S5S_6clU+F0RQxjt#Rx|CTHS2O9-RE}7s&~wO^ADjse
zJs%v+K@JIH4h}Fz*`cas{Nc+oe=_&0F#a6YmRG%8SdH<`P*-L8&G2$k*X!sFd=1#S
zPzk(Qj-CU$%4o&LD_HXNrZ6_)?xK}YN9DSuS`9~#0B9@@cX_43M2N_N(2FPu#i37K
z>`NDDV0UtgBhR*^pppkCAx{r?mSVah?3d1Wh0%T``j!WyCX6ZliH)*j1z?pWWRsI`
z4Htj5devCm2`_&C=4g2O`Q+^Q;{5dN%H{)@ousKKP$x}vdNsV8+jnZmtP>(>WvPLn
z?<T=mOE<Ht)KTmu*{<fbOS?}?z#_`344t~HdfQu*_p(~qrb+2p#HgSy^#|zc=py&b
zx<y4_H<<V_gR2PxKB2y+ck5-Bl%~IcD6@Z~lBg&ZuH|uPk));RU*(5$-n^+aCLs|7
z`^Vtp*$`YBdVGL(dxbVeMWm1W#m5maLOpxuTI(!NzjhNX4$1wX+pW`KbA@Nb$dvdn
z&h2W<uJr`w%kk@YFse~5dW4o(juo}qkf`>2KfJhNyf1Jq%>Npxx6X+$i}ru)?391^
zf4n>B_qX}q=eQilDWrSN2`9;+C)2*k4j&Cq^#+gmiQuA+Ow+bl2<%QSP3kDy>KRe*
zG`ykb;m6#5%r8A9|5evQ{!ez_di0JvQfEiHs%{C1u;~1!-Tl(}Z#%oY{hclUKgVUf
zARKy?>cnKTZ25lO4sOZtr5fSoD@lJ6Bx&{O6BUw_YJ!!4P%H^HHp9{t!K$C7Ab6F6
z6WeS&RlSJ~S5lo(Tfw@~T%K*ivn?f?Y<RX;zpj-3U06t)EKphzvBZ0Q)tTG`@-hj0
zb%x4XDcV|pr?jy-XV}|zIH!+GmEyT>l|u2nn^LS3pR-rLzFb0*%h8;KvwVO4@?%k%
z1rR-LSgML>`3O~AbjqbcfJ3hmpo-`nFg^j_@4&q!DeG2loxz=RDj-1W|EpO9C_Rw}
zInpCWM}up1Ac;DWBsr4g`dXiZ$gi(!jpplX<oryTTNucb<t^sbLfB6TY(T4)(?&K+
zy9*IiNzB$|#W?FzU@ud79j$-Xp4?a_-I`ErF&(-nu4>3O#iCN25f+of@829>p8j!i
z`T6qXm(RoVqu)MXyubR@218T46~x8wpME(#Qy`8{FKwMmS=sdiY!-vZyrg8kggfh*
zvnIc!M`4>1`)JmX4s%CPoY7Tqe@@Oly}q_$`0dk&lh0@8$0wi9-hY2Qv0?a`(V$wk
zc|*YWF5#y7#5~h+L}_m-ZaGU1)X~>ssc&PkI!!P?{+JL(7JRh8{<2BtZ363Q5?FO&
z7ylK@Irc$wNkd^<$a^V|Vt&SJmAq4Zo~+VPj(~WF-@hsHaJivMy-8=*8G}fwQn<i^
z=SO8q+&Z=cXzg#O&tiX5L8U;S#^!jcTHJ~Cd2ELk;XL;Mw-TNgt{t92a+Z$ouQu3-
zXx)?;t<T}0rxBYk_~3;XaxE4AT`>!^X#ZdT-EMjR-@Cp2ZT$B+uA1{7(qkXC5#4P>
zcN@{&Ms(MX=*|l?l}ctaE#9#B<Y;hRSAJrm4<2b0xY}0YZlr$_cabBqxE5Dca5)iW
zqUu7eTzR{`e{eKV@fT|lW>a;&%No@islVM!RAL)2{&E3hJ69GNV0lhmIsp7^?6ykO
zb&h+VJL~ZJx-I{ce;yw<5R?5TBBqOX8{{-?ajf$db<({+VT*v|8*jt9+pz8?_9blN
zvriqLU2<o`Qr3T7V(-`N9eB144h^<2*q*)kjS0<E@k<SHFV<d(p)*(W%uf$Ig;vZ?
z;l1HbL?Uo1Q;-96ecid1jjnUu(#>?`o>df*^H;$k`<1%9Mq&aS6gzN)86Yl*?<Y|M
z&m83(L|71|HfL{TkJ%3lP|Vd21?7RM!=8vfZd`>TCYXO4i1OA51V-i<?BrDPqv0va
zep<50yh<o*Om4ON+!<aTo1W%!zZai_(VuHK=`5gdRh}njq$ul_Blo7Hz9g~|-EWNM
zH$?Bt(E2*lT!gh0(XTY&c6@XEhj~~UWqh-mn4&^fDS@=`uQDXNPFa04OCh%^p0#IU
zjuSj@bmxEUNFUL-O~}5mt5N=U&EJDxkpJC1*nL;t|F?6nJ^%Gtu2LdOop!g$?5_s6
z&HdWv;;AyfRZRN&1`m#Xnmn)U(aLmY^K&rG%&&U{W-;H|G>xv$s@z}_-Pi|TbGExO
z8+wIa^dXe%=EIvD#<0zXe>>+=t(g~pp3Jr8yRU!y+^B7W`=uqg?Z-P-nyr(^UaFL2
zrE?h9%w=oN%AEDCan`%F&iZPHL2fo*yu#^pt7MD2E9HvI!fKl--e!uQI#aydk#}{;
zVk^`q$QIwS(Y_NYx;w1OA~xDLG+FHYvQLy-%8q*RDci-`=B1`<zp>NqN}cCuZmSw&
zG{S#lrM?E}1MyT$ozM{b))A;aN{Hm$yxcFrWE^^g-3esp7PQ+{SE1RkySKnbz$ou-
z;05H!Tsg9I{1p+uobF!g<iLg*lI2aVM(L3T<h1$_R~kWyoHjO5X-aLiVO8wEmFaxh
zH>tu~acyhq{8@8kwfP@5!meYIKu?<g>Fs|X9PCx{KYP2|{Lgb-mC$VQmzWgkDoQLL
z6q%k3IV^OUpAA~@Lr<Gb4L!wpv#9(gNBZ!PaDF+7B6)D$8mQ+u78A<IUrH8M&+YVM
zE`VK9ALhTRf@O4-1NTCDFMj@~kkrpuHGU};`&zL&(jxqY(KzA*^sjdN->s4c|5txI
zlJCO>gu*Cf(`X88q#BGtwBMq(Pq_MfhlM+lAN177Pf>EqlX?aefE6&SALwa}US}O`
zxQeH!+Ay0Iu8%oy_`(g}38oN=6{gU<O*)w?y_U;~WRi`(&{_apN|{H(JagD^DE57t
zNwcoL$qiZX{kxU@Bx{a&KakKP;kbV}`!{Fy(odc_BZI1O5<VXNAGpGByH&_$R!?(f
z&`iimp=3PKs=!-a%%OA*=S;JGrJiDm(t(;EiF$#uctuWFLjtdbq00ppaRt$eZ(*0Y
z>&cC0mt0>$?yN-5-+;g=ymvEUlbMNM+Gp5a+iQD$8`u8_00960MLZ#V0ImW60IS;^
A(f|Me

delta 5252
zcmV-~6npD}ERiXYJb!6#8@IOoEFk}ZPzp4?FQdg<`Uda^$9CJG^#aT3MR9#$P&1Uo
zXU=dg$x*Dj{_hW5X6Hzw#Y=KUAh9$<p2Ov=JcpFWvEws5Ma<#BuzNg#Omt>2Am44S
z^m@JC!QP(w+w1kpe|!Cdo$va4A9i>4dI$Rl```8Yd%fMA?|(pVgMFwiF&B`1*IOG`
zd2nAzff4=#F^*~If@!}6qbU7Kpg>%-e8fG5BcYxR&OU<U!6$H{NCu231HZ*X#6lzx
zZ-p>GE+~>zYnp=Zb$Xp%>!nA$E%{R7|0yIf;u{tK^ZCEu`>=aZ=KtMZZ_EGBQE&jq
z$ZY{IgdAO=h=00(p)uxy%{q5K@eZb4j>ircl)*7-0l<TytPTJ}5#?A=Hgmz)W3uMm
zPu$@Gj&V44a;>^N7)B%><4`peaO?sPhLFwF_b4Xhk`nCAT<~dhPQ@id9EG9<q$s&$
zbc&?_L9B|mE6F#?YGm-I`<;HL*8u(%;`lEc>^ak*(0?-BFo&|=>F+GYN$?bfi1SNE
zhsZLd<b5RH=b-O&`g@C^htx+}IA7`h!@6mcH51lnN!=p82BYyfju^e4S!iNnh$7Vw
zk|wyC$1gba=@*_X-~FsOi=CbMXj>eyDfZBj=g~M661T??6vzdF#R$9w|D2#ueSQy2
zT>y1u4u8I2LckE2CcaW)Ga7fm00|%{7(v1jz$5t(e1V~Q7;_}QGeEzD9f^;If>A;c
z(+ZCVLnnLYaA?*dd#mP~!&Zw8p;zv*tgV!%)R-;3DsKK^$K%*gVyiVmP{d3T4+`Os
zpkI*qgOWHv0|5m$AX~XUrl6{QZK-7=*n`{!{eKn!e#nzqKPE93i2aNi7yra!@+;-y
z90>s40yu@3NZdf{3>TcB5sZm=U)QSmq6I*J1j8P`q)fPA=YJ3O_U!C2L6C?^R!vd|
zi^GfX3`%gWUa{oiu^!nafg#FX5jy@IO%ZXyehYvvl-=QQd?pFv1Tz=3yCR6%YAQI5
znSY14Mr{*7vX224JozRE5-5`2>-EmCdCJg#V#M>cyeM`-zZX=R?If+r;^^rxS!TH&
zS$|DrsmiEFv9lHmI2z#)i<t`^9u40O5J8@x%sdj5AO@ukYrs0-4$WN9R$R#_L7hxa
zNvRbm(rO!wG?J|)wD##e=7J|L&}f7_;eUemIURTt<i`ZH8^JgH7fC98axBh<&>S-?
zum{PJ@6(W9gk-iF%$AajQUbvH&tWP_wD>7<Y6Eew+kgUE1c&i`CNTX}?E3t?AQ)v+
z@D}(G1vKPHD7pEZQc<oTLBa*yDP&!Ohh6hTzGK7vW9UuL31(_=a#h;0yUBN@&42C?
z8zM%zR53mZ1%?E8ve|opf=J8&7Yv7E5Fi+G;Oic~E92`XV7fmV)Rzp6@V!A9sV{5b
zlMp@c_D4H=S}Cd|ou5^T)mm0xt>A1KGpxWC+WL75K8FNxu52Jk7=r!`OrS5>1SpFQ
z;E)SQ2=d<p1E-T1gB=6yP+4P`tACzhhWr|SllGvE=TcVq;n=;ILUu#&@Wwp+L6Jj1
zr)Y5Y@eD>04#y|4B(u+9psd1#!{^HWlE9>VRVld^Y3{GIh<odh=9(y<jx-I5qGM4Z
z&xE3+ot}`NsU!(boBqRCfB?><v7b^a2w)gPLS_IGP8IMxNh+Lm^jM@Nt$%7Nx(7&K
zfoW^IeSQs&K41TOarNo?&zqaUpM&euvv#^>sfsd_(5?`pn+&ei@?tJ%@H-qLqH(`{
z3y!4)@5$}}Isz~ZsnDI1E(`R1^@k83CJ02-=dFnPM_Da97@|<jfl%y&RMyfd1`u2_
zOc@rlV*<GXfI=QK<2cFIfPcqqil->$7QiQz2{=Yvf?{aof{73jce~x<T=>-E(wy;7
zB-Doy9>;nmx)JrA$e?y2hNRAs&s$NxKYES%j0+Svp4PdJXDk|teSo}J)>gh9x))$9
zdnyM`qlhvQ%SD!>VsWVIKpY|lAO|508KnXYXMiIiq^g5}8*s-Ont#MFoB?zXgNPvD
z%I~ErE_jfzkN9UUy_$Zn*9VU+OC^pxj|R~tqa!TMrUx;LkPEKjP~ZR=i{lYIHrQ(|
z?f(fBL~7r+dwy|!I_QXdvHl*@qW%Bfz1`CO-~RsY{&xTGIm-0}sSW+X*~es4A9FA^
zRP3XO&>2!vKryl5n}1HLbxnacLEc@twPtexMa<uWh#<(3Bx<*1^tmSpa2zQfc?3Ol
z`0xNaS4h?CoF`Ag<D=|@2Ie^2$jQStjG~gpmXInyz~f^ZIL;R+yva7;Ft60||Lp{k
z2r=Ff(Ym341^nONKj@eE|6p&ozvchuC=U<ae}E|tT&cN$RDUN@mmCIiTD%Ez!9Ti>
zkFA!fc6uMd&{rB!a-Fml<Y!OCj8(md2S>VhI7Fb$gJDNjYXc{HBNY?q=qR&d)XpC|
z;v{QcOc7()N8oR1zl9z+*i|2KFo;Le*K9i(FckXgv+kO)S)?;MK_tkmabWG2uC9UU
z&(Z{|3KwNHhJT*4<ZL3w+9rS@93$Tu&PuHYW+S?;p)naB9zeo{`AO{5wo3!73Y(tW
zqco0dn#oz|@JUxKR-vjHjFUY{TK=szhNU=e|4$pVZ`%fzoJ~ARmo9IZ0yWt{&_7{7
z>^1%dIP_5{z>b=J4Nk76bz!5J5NYo)B=qv8hF8tf%6|p}T|Xn1TyIst>oTh((UzaN
zsu6?X7|m@bT}i!aa`N&6uz!@@d1;0(m0I~<aE6q7wQ^8+f&Aa?eJIKQo!(ymU@QNh
zqm;O#ZYSsQ@lERvhrSC=lv6xF;!P``I|8GKcc=X~tpEw=Ljm14Y0OD7M;(0adjkny
zS6B9*ZhvDl3*Sibf<uqQeo2;h@{&bX<Pq{zFXG6D0u2O%0*z<t5de%5g2VA=_0Bx2
zZb;|4u6B!x?@hM>F#cB_q<oRstp<D`%~9h#CkSB_Eipj}dnN$0xo$8k2WfYgM+|_O
zO-V0bu$a`h%WaY55au^d-sDw8*1w<3@+M+4X@6RFfU_|e+!s*-7o=rExwvH1L)?Tz
z^Dk2;`+OmNCVM&HZ}6X(3gww3peA|;{|jYzMI42_ohEaZZ;%jqlL@LoRz#X?Naf}*
z-J@D^?kzhgx!J0`&COB*K?#^VWfl~44S8ltKDVe&E`+V7?M<TFCy?vV1Za2LMU9=!
zaetPZP~ZaqbP9|%i3&}Vlo;^%Sb1j$>(<v3a4gLyGs%RbroC7bQ(-w%M3=eLih4*{
z0!D#69Qoy?71y?Gq|CMdiisjC8-NS)|Mqu39F*<9{he+8@3R!gaT3E$?ezsH6gI;y
zv+HbTU5-dXZ8S8q=9(IF+Ln_RRbs^D&3`VWGpP!RO!m$t?{x=xA^eiJ&T5P^>o8NB
ztZ0%owa97>GApv2PR)$=G$fPwnkDx;d;d2Ga|*uzFXyTjLFeK{S({v_$+bBArDg>)
zBkvfehNb%Swwl1DBgmBH^S#Wokj#L9cZi#atn7Ab`Ctx0Dgakm6X}E*vx0+nB7Y(U
zRhygaob}WOoga0WI5Ezy5es-bn}>=4W(QQZ!qV0?rdX@8F6md3n@E|JzRUAhTS-r4
zZO^m~dsKM}(!i^ZwVMby4#%IyAx$5j-XkwoCkApYi*~V^$>M8i;wdgXy^k2;Jd4=p
zOL_Nc&ggR_o?%e2|3(Q@mB#t30DqknVC@|WeGBFV{Vpv?;~wiowe`DNqBV<mW1i;{
zq3jHlR>)u#^K~nJMDcYFRtBLME}zGCC10xE-zf_sS;_%;7pTOsI?20m5$CU(3)=0n
z5KbGf?s~PXeJ#1s`Nb&*n5!zJ+}Nr}N@}ETfr=Xhmi>WcmTW2avg%#dIe(Ywfr4fp
zW-dp#=%#JJ&8&rObpi9WjU$-%I2$^g8^T%SEdU@Jmjt>4+RpTFr(JpI$c2EuFZICT
z_wSBQPOeS|gC8vw34%Ui4l)@mi)%CpK3jmGd%>WiElnq}@{}oJscaJTow0PK4u7Q~
zWtV?kA&)>DXxUiTk|Dun4u1{>VpB+*0Nx+&_JVvx6i&-?s7cq%QAy6LJXC$;L;mY<
z>fJ578<1b%!k$15&{Um2P#N`=HCFj}mrzV}KT16`XB?<^hlJx}Rxmb_q&k~WDj4>r
zVyU}1LDk<WcDO9|3cX?o`WGRYT~R82#sulKp@JUN#e)$XVuA%m6@OdBXEdr>I7h$#
zZk0O8d7@?#$D9+`xU{jtwQ_w@b9E`RCaz}ErKudTN}=bFEk8ID82SV`nu8o1#vD0_
zG0F~Aw&M>k%lygQufq6qSX-8Qxv(1Jo35_P^qb-3B=gtN2lyJWb0JrFvm8AKbd}MH
zl~?5JO<`=p-9;;*j(^H^O|=@1zyYGMINarx3KJnB2Zeq_aVQQ6^&pWhkZX5xiapPc
zq=1qKCm~M{ca~zhBJ9`BcZJ@5CHj^J!zPR={fUjTV+CN9C1jNqS#K5SWj0$(or#lW
zqe;68cBY3lOk|FF)mYpKFMj{-c<|}=^!()V;?w!H%?B_iNq<vOpl+Jz^lErFcka}V
zSqDVY%u)kEKTS4cEzQiSQb)0uWV@PSmrkFSfJKy589H@Y^|7}m<FZ=Wrb_8u#HgSi
zB`&x=zRbO|9%9jD1Tl#jx}Gq^CzSa5v|d)EH2npMGCL}X3R2-(?uQmhTAKb<emQ64
zO{FmovA~d=Ab$d91LV=r=Puao73vrjk-qL1Uq^^x>f0OFT4#CswVP;hi0|EQw@!!6
z6`m2pQ%uk}cd9Wf>j}))<Ja+ESfgBY4=sB+R@CZ1qB`^a@amHBUZ5<D{~D>c&W$jO
z&VTIel+S;BIOy+g<G;^Q9LFhyd(90e$)zXLzKISW4}U)C10M4O!9^XJhHaq`(3@PD
z&{1|PLqz>g;fP*@XSoxbFFhsyRb?UnC+Bn5NC94y|Iz=jTh9OZu=ioh|Ibls@_*B`
z-*VRP^0^@i$TXkyiBdyKS-wi;7n6LA6|i)UuWDyW@m(c_#5NmGl|f>|mE>F0=A>>k
zI%hlNY<~-~CWoBu`K&8NbQh+^CJU72I4m))uR1oHKwc&!uWm(ovY=~e%XDey<Ji5a
zb3gRGbIJ$U?!-RVPHbtzW`(_2<-t4B<v%Qo=hb&!*LTm4-5W`1>c8cKDb4nE=ljNq
znBMUI>t?o9?N<sm;5*9&CY$BHg$Sw~VQaD?Cx1Q#_GVmJWPs&4)m*lduBM7{Mo>%+
zzkhdf_34k(tJ|y7Uv38%$G_cP9$o+X<Fm0_2F}(GJ6MZtWCoZ&>w0t3mjB5=kB>Ju
zT7&SLn_4$_LH~aH{PFbm{Nm*F_WbDV)Yh|~84aq5jw6hSe}zWXH|CvIe$t*(<Z_-|
zQh%e%VtHhvvDKqZIZa#a>wHC>G%rxtA|Uz7Ylu$E1iY*O-NvO}E-s~wi@6c0RpLVR
zajZ&3*#qn!e*dm0G0GKHXiU1M&KQX#YlI6Zc)nLA1+8PdAl5!QeVdxv^a=ERYL2h6
zxt&<wsCH<PpL4HZTQ9P;l(m=G`!%tnXMYQDH3(tZ-o5(3R5Mll6soTD3kB5*4RqmR
z?Ufihb2ZN#`{D8N<|(vdb_>IZI}whMQ<;Jspqrb{jjVK&YnCQclv`F&NX}mchiq4B
z@)n2*;z+Rr2aqAa1tuifHSo<<9zg^JR%&zhUbdM1zz~SJx+pRaOda;Y`nnml6@M{-
z+(49%hDbnQu0cs|r8ypa0@>B#P3BcXSz~gm&F9YW^4Rn=m)k9C^VG*t!Bg5ewL#hi
z6t2$k%NZ%ky5-2dDXA}stVH)4qxlWd`!ck?&NLTcEk*PzO}HK39RFb+miZ#x_<py^
zZ$T7gybcMZS20(*WY;OH_hu>NR)58__Dsxig6H+_f*tE4y07>qr2o#+DE_<V?*T1{
z|Lz{_ekkXE>>O;*|36D91)|hx$4y3mHNb7`*FG0d75S}V(&ZbxIN)jGys||r)0xfB
zL7SOh_Xu<`-r6*buFooOFo<sKgReQ-U6~ENLa+J|^1AWxCds(lX!y5tE`MpwxcKu#
zt~K9%-RFk30q)lp;I<#{tyEhlj=fYW$x7#N*NkOr&dQwiu5s48wa)r#hk-X6FJ9qv
z;wsVN?n<%Zvas4lino#Cr;ZdacjU1ySZsy*1kvI<Hr#jgZ@?W^Wl{QLaizwu`$XYV
zcGRm6*)G;LuQgozjh%KZHGiI?xvgr9(Fl&A{{8)rSpU)^rXeKO9;h}-h~(Y8+)aQP
zhZcWH613Y@SD{(AvtNqbzyQ?GLdu?{{jZ4l<#hK_Cr2AbNR~Ib8ihw1kkjg2T&V{o
za@yELr6IM|x>d3NR;Kf1M^c5i;@Z~I`Lo8zYU4j_2tCIHfu1z}(|_APIM}PifA+S&
z|Mo1UvNc=0iBplTqQvq+;q+wipwMJ~G-$y^pPLK~Jw<=BUHMJ+^x+}l{BjUQ^5DER
zQ14+ZCY0g7lq{^C+txqWcSQ-BKU4+F=qd-@3+cU({8gCh8q>yuVlmN*)sYtAFO0?!
zcfr5f?SHpQ8vI}FNPmup3ls{YkWHm2VnbD7j70lAXcNrUU-h$o@`Iil`6)^s`BKjy
z1z-it>Vn3`=ylZ5hO2mr-iF!K@Cf9*;eZ>C2~ANbR+vIFnshQ(8kWbgWRi^zXf1#q
zrOd}+o;hqd6#G8Sq*+(r#D*;R{@u#1<j*nhM;!V%95-kG=6%dwy7JZ;8dQyg@bU2f
zkS7ecTZL?9^(=Gia}yyeg_7|^s{(IzF$dB$oHNb#m3oRLN;_&U34MjKctuWFLjtdb
zp{swQwv1@SQP^efdUE60CD%*Hot5bM8xS~!aW@k-nVI;~KEt+b%eH(Q<^KZ!0RR7z
K;z|ktm;eCP88y!U

diff --git a/charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml
new file mode 100644
index 00000000000..055172cf8c3
--- /dev/null
+++ b/charts/latest/csi-driver-smb/templates/csi-smb-node-windows-hostprocess.yaml
@@ -0,0 +1,124 @@
+{{- if and .Values.windows.enabled .Values.windows.useHostProcessContainers }}
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ .Values.windows.dsName }}
+  namespace: {{ .Release.Namespace }}
+{{ include "smb.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ .Values.node.maxUnavailable }}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ .Values.windows.dsName }}
+  template:
+    metadata:
+{{ include "smb.labels" . | indent 6 }}
+        app: {{ .Values.windows.dsName }}
+    spec:
+{{- with .Values.windows.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+{{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.node.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- if .Values.securityContext }}
+      securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.node }}
+      {{- include "smb.pullSecrets" . | indent 6 }}
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: "NT AUTHORITY\\SYSTEM"
+      hostNetwork: true
+      initContainers:
+        - name: init
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}-windows-hp"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - "powershell.exe"
+            - "-c"
+            - "New-Item -ItemType Directory -Path C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\ -Force"
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+      containers:
+        - name: node-driver-registrar
+{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- else }}
+          image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
+{{- end }}
+          command:
+            - "csi-node-driver-registrar.exe"
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+            - "--plugin-registration-path=$(PLUGIN_REG_DIR)"
+            - "--v=2"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://{{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
+            - name: PLUGIN_REG_DIR
+              value: C:\\var\\lib\\kubelet\\plugins_registry\\
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.nodeDriverRegistrar | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+        - name: smb
+{{- if hasPrefix "/" .Values.image.smb.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- else }}
+          image: "{{ .Values.image.smb.repository }}:{{ .Values.image.smb.tag }}"
+{{- end }}
+          imagePullPolicy: {{ .Values.image.smb.pullPolicy }}
+          command:
+            - "azurefileplugin.exe"
+          args:
+            - "--v={{ .Values.node.logLevel }}"
+            - "--drivername={{ .Values.driver.name }}"
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(KUBE_NODE_NAME)
+            - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}"
+            - "--remove-smb-mapping-during-unmount={{ .Values.windows.removeSMBMappingDuringUnmount }}"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix://{{ .Values.windows.kubelet }}\plugins\{{ .Values.driver.name }}\csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources: {{- toYaml .Values.windows.resources.smb | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+{{- end -}}
diff --git a/charts/latest/csi-driver-smb/values.yaml b/charts/latest/csi-driver-smb/values.yaml
index aa828a0acb5..8ad83df9d17 100755
--- a/charts/latest/csi-driver-smb/values.yaml
+++ b/charts/latest/csi-driver-smb/values.yaml
@@ -131,6 +131,7 @@ linux:
 
 windows:
   enabled: false # Unless you already had csi proxy installed, windows.csiproxy.enabled=true is required
+  useHostProcessContainers: false
   dsName: csi-smb-node-win # daemonset name
   kubelet: 'C:\var\lib\kubelet'
   removeSMBMappingDuringUnmount: true
diff --git a/cmd/smbplugin/Dockerfile.WindowsHostProcess b/cmd/smbplugin/Dockerfile.WindowsHostProcess
new file mode 100644
index 00000000000..d8131b7dc66
--- /dev/null
+++ b/cmd/smbplugin/Dockerfile.WindowsHostProcess
@@ -0,0 +1,24 @@
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# these arguments come from BUILD_PLATFORMS used in release-tools
+FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+LABEL description="CSI SMB plugin"
+
+ARG ARCH=amd64
+ARG binary=./_output/${ARCH}/smbplugin.exe
+COPY ${binary} /smbplugin.exe
+ENV PATH="C:\Windows\system32;C:\Windows;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;"
+USER ContainerAdministrator
+ENTRYPOINT ["/smbplugin.exe"]
diff --git a/cmd/smbplugin/main.go b/cmd/smbplugin/main.go
index efa04e0756f..cda6208f747 100644
--- a/cmd/smbplugin/main.go
+++ b/cmd/smbplugin/main.go
@@ -49,6 +49,7 @@ var (
 	krb5Prefix                    = flag.String("krb5-prefix", smb.DefaultKrb5CCName, "The prefix for kerberos cache")
 	defaultOnDeletePolicy         = flag.String("default-ondelete-policy", "", "default policy for deleting subdirectory when deleting a volume")
 	removeArchivedVolumePath      = flag.Bool("remove-archived-volume-path", true, "remove archived volume path in DeleteVolume")
+	enableWindowsHostProcess      = flag.Bool("enable-windows-host-process", false, "enable windows host process")
 )
 
 // exit is a separate function to handle program termination
diff --git a/pkg/mounter/safe_mounter_host_process_windows.go b/pkg/mounter/safe_mounter_host_process_windows.go
new file mode 100644
index 00000000000..32331238ae5
--- /dev/null
+++ b/pkg/mounter/safe_mounter_host_process_windows.go
@@ -0,0 +1,247 @@
+//go:build windows
+// +build windows
+
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package mounter
+
+import (
+	"context"
+	"fmt"
+	"os"
+	filepath "path/filepath"
+	"strings"
+
+	"k8s.io/klog/v2"
+	mount "k8s.io/mount-utils"
+
+	"github.com/kubernetes-csi/csi-driver-smb/pkg/os/filesystem"
+	"github.com/kubernetes-csi/csi-driver-smb/pkg/os/smb"
+)
+
+var driverGlobalMountPath = "C:\\var\\lib\\kubelet\\plugins\\kubernetes.io\\csi\\file.csi.azure.com"
+
+var _ CSIProxyMounter = &winMounter{}
+
+type winMounter struct{}
+
+func NewWinMounter() *winMounter {
+	return &winMounter{}
+}
+
+func (mounter *winMounter) SMBMount(source, target, fsType string, mountOptions, sensitiveMountOptions []string, _ string) error {
+	klog.V(2).Infof("SMBMount: remote path: %s local path: %s", source, target)
+
+	if len(mountOptions) == 0 || len(sensitiveMountOptions) == 0 {
+		return fmt.Errorf("empty mountOptions(len: %d) or sensitiveMountOptions(len: %d) is not allowed", len(mountOptions), len(sensitiveMountOptions))
+	}
+
+	parentDir := filepath.Dir(target)
+	parentExists, err := mounter.ExistsPath(parentDir)
+	if err != nil {
+		return fmt.Errorf("parent dir: %s exist check failed with err: %v", parentDir, err)
+	}
+
+	if !parentExists {
+		klog.V(2).Infof("Parent directory %s does not exists. Creating the directory", parentDir)
+		if err := mounter.MakeDir(parentDir); err != nil {
+			return fmt.Errorf("create of parent dir: %s dailed with error: %v", parentDir, err)
+		}
+	}
+
+	source = strings.Replace(source, "/", "\\", -1)
+	normalizedTarget := normalizeWindowsPath(target)
+
+	klog.V(2).Infof("begin to mount %s on %s", source, normalizedTarget)
+
+	remotePath := source
+	localPath := normalizedTarget
+
+	if remotePath == "" {
+		return fmt.Errorf("remote path is empty")
+	}
+
+	isMapped, err := smb.IsSmbMapped(remotePath)
+	if err != nil {
+		isMapped = false
+	}
+
+	if isMapped {
+		valid, err := filesystem.PathValid(context.Background(), remotePath)
+		if err != nil {
+			klog.Warningf("PathValid(%s) failed with %v, ignore error", remotePath, err)
+		}
+
+		if !valid {
+			klog.Warningf("RemotePath %s is not valid, removing now", remotePath)
+			if err := smb.RemoveSmbGlobalMapping(remotePath); err != nil {
+				klog.Errorf("RemoveSmbGlobalMapping(%s) failed with %v", remotePath, err)
+				return err
+			}
+			isMapped = false
+		}
+	}
+
+	if !isMapped {
+		klog.V(2).Infof("Remote %s not mapped. Mapping now!", remotePath)
+		username := mountOptions[0]
+		password := sensitiveMountOptions[0]
+		if err := smb.NewSmbGlobalMapping(remotePath, username, password); err != nil {
+			klog.Errorf("NewSmbGlobalMapping(%s) failed with %v", remotePath, err)
+			return err
+		}
+	}
+
+	if len(localPath) != 0 {
+		if err := filesystem.ValidatePathWindows(localPath); err != nil {
+			return err
+		}
+		if err := os.Symlink(remotePath, localPath); err != nil {
+			return fmt.Errorf("os.Symlink(%s, %s) failed with %v", remotePath, localPath, err)
+		}
+	}
+	klog.V(2).Infof("mount %s on %s successfully", source, normalizedTarget)
+	return nil
+}
+
+// Mount just creates a soft link at target pointing to source.
+func (mounter *winMounter) Mount(source, target, fstype string, options []string) error {
+	return os.Symlink(normalizeWindowsPath(source), normalizeWindowsPath(target))
+}
+
+// Rmdir - delete the given directory
+func (mounter *winMounter) Rmdir(path string) error {
+	return filesystem.Rmdir(normalizeWindowsPath(path), true)
+}
+
+// Unmount - Removes the directory - equivalent to unmount on Linux.
+func (mounter *winMounter) Unmount(target string) error {
+	klog.V(4).Infof("Unmount: %s", target)
+	return mounter.Rmdir(target)
+}
+
+// Unmount - Removes the directory - equivalent to unmount on Linux.
+func (mounter *winMounter) SMBUnmount(target, _ string) error {
+	target = normalizeWindowsPath(target)
+	remoteServer, err := smb.GetRemoteServerFromTarget(target)
+	if err == nil {
+		klog.V(2).Infof("remote server path: %s, local path: %s", remoteServer, target)
+		if hasDupSMBMount, err := smb.CheckForDuplicateSMBMounts(driverGlobalMountPath, target, remoteServer); err == nil {
+			if !hasDupSMBMount {
+				if err := smb.RemoveSmbGlobalMapping(remoteServer); err != nil {
+					klog.Errorf("RemoveSmbGlobalMapping(%s) failed with %v", target, err)
+				}
+			} else {
+				klog.V(2).Infof("skip unmount as there are other SMB mounts on the same remote server %s", remoteServer)
+			}
+		} else {
+			klog.Errorf("CheckForDuplicateSMBMounts(%s, %s) failed with %v", target, remoteServer, err)
+		}
+	} else {
+		klog.Errorf("GetRemoteServerFromTarget(%s) failed with %v", target, err)
+	}
+
+	klog.V(2).Infof("Unmount: remote path: %s local path: %s", remoteServer, target)
+	return mounter.Rmdir(target)
+}
+
+func (mounter *winMounter) List() ([]mount.MountPoint, error) {
+	return []mount.MountPoint{}, fmt.Errorf("List not implemented for CSIProxyMounter")
+}
+
+func (mounter *winMounter) IsMountPoint(file string) (bool, error) {
+	isNotMnt, err := mounter.IsLikelyNotMountPoint(file)
+	if err != nil {
+		return false, err
+	}
+	return !isNotMnt, nil
+}
+
+func (mounter *winMounter) IsMountPointMatch(mp mount.MountPoint, dir string) bool {
+	return mp.Path == dir
+}
+
+// IsLikelyMountPoint - If the directory does not exists, the function will return os.ErrNotExist error.
+// If the path exists, will check if its a link, if its a link then existence of target path is checked.
+func (mounter *winMounter) IsLikelyNotMountPoint(path string) (bool, error) {
+	isExists, err := mounter.ExistsPath(path)
+	if err != nil {
+		return false, err
+	}
+	if !isExists {
+		return true, os.ErrNotExist
+	}
+
+	response, err := filesystem.IsMountPoint(normalizeWindowsPath(path))
+	if err != nil {
+		return false, err
+	}
+	return !response, nil
+}
+
+// MakeDir - Creates a directory.
+// Currently the make dir is only used from the staging code path, hence we call it
+// with Plugin context..
+func (mounter *winMounter) MakeDir(path string) error {
+	return os.MkdirAll(normalizeWindowsPath(path), 0755)
+}
+
+// ExistsPath - Checks if a path exists. Unlike util ExistsPath, this call does not perform follow link.
+func (mounter *winMounter) ExistsPath(path string) (bool, error) {
+	return filesystem.PathExists(normalizeWindowsPath(path))
+}
+
+func (mounter *winMounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error {
+	return fmt.Errorf("MountSensitive not implemented for winMounter")
+}
+
+func (mounter *winMounter) MountSensitiveWithoutSystemd(source string, target string, fstype string, options []string, sensitiveOptions []string) error {
+	return fmt.Errorf("MountSensitiveWithoutSystemd not implemented for winMounter")
+}
+
+func (mounter *winMounter) MountSensitiveWithoutSystemdWithMountFlags(source string, target string, fstype string, options []string, sensitiveOptions []string, mountFlags []string) error {
+	return mounter.MountSensitive(source, target, fstype, options, sensitiveOptions /* sensitiveOptions */)
+}
+
+func (mounter *winMounter) GetMountRefs(pathname string) ([]string, error) {
+	return []string{}, fmt.Errorf("GetMountRefs not implemented for winMounter")
+}
+
+func (mounter *winMounter) EvalHostSymlinks(pathname string) (string, error) {
+	return "", fmt.Errorf("EvalHostSymlinks not implemented for winMounter")
+}
+
+func (mounter *winMounter) GetFSGroup(pathname string) (int64, error) {
+	return -1, fmt.Errorf("GetFSGroup not implemented for winMounter")
+}
+
+func (mounter *winMounter) GetSELinuxSupport(pathname string) (bool, error) {
+	return false, fmt.Errorf("GetSELinuxSupport not implemented for winMounter")
+}
+
+func (mounter *winMounter) GetMode(pathname string) (os.FileMode, error) {
+	return 0, fmt.Errorf("GetMode not implemented for winMounter")
+}
+
+// GetAPIVersions returns the versions of the client APIs this mounter is using.
+func (mounter *winMounter) GetAPIVersions() string {
+	return ""
+}
+
+func (mounter *winMounter) CanSafelySkipMountPointCheck() bool {
+	return false
+}
diff --git a/pkg/mounter/safe_mounter_unix.go b/pkg/mounter/safe_mounter_unix.go
index 36a386d8069..efbf6f64e51 100644
--- a/pkg/mounter/safe_mounter_unix.go
+++ b/pkg/mounter/safe_mounter_unix.go
@@ -24,7 +24,7 @@ import (
 	utilexec "k8s.io/utils/exec"
 )
 
-func NewSafeMounter(_ bool) (*mount.SafeFormatAndMount, error) {
+func NewSafeMounter(_, _ bool) (*mount.SafeFormatAndMount, error) {
 	return &mount.SafeFormatAndMount{
 		Interface: mount.New(""),
 		Exec:      utilexec.New(),
diff --git a/pkg/mounter/safe_mounter_unix_test.go b/pkg/mounter/safe_mounter_unix_test.go
index 7991c4736b9..e620101f63c 100644
--- a/pkg/mounter/safe_mounter_unix_test.go
+++ b/pkg/mounter/safe_mounter_unix_test.go
@@ -23,7 +23,7 @@ import (
 )
 
 func TestNewSafeMounter(t *testing.T) {
-	resp, err := NewSafeMounter(true)
+	resp, err := NewSafeMounter(true, true)
 	assert.NotNil(t, resp)
 	assert.Nil(t, err)
 }
diff --git a/pkg/mounter/safe_mounter_windows.go b/pkg/mounter/safe_mounter_windows.go
index 52f0da75562..57e7694a188 100644
--- a/pkg/mounter/safe_mounter_windows.go
+++ b/pkg/mounter/safe_mounter_windows.go
@@ -131,7 +131,7 @@ func (mounter *csiProxyMounter) SMBMount(source, target, fsType string, mountOpt
 	return nil
 }
 
-func (mounter *csiProxyMounter) SMBUnmount(target string, volumeID string) error {
+func (mounter *csiProxyMounter) SMBUnmount(target, volumeID string) error {
 	klog.V(4).Infof("SMBUnmount: local path: %s", target)
 
 	if remotePath, err := os.Readlink(target); err != nil {
@@ -369,7 +369,14 @@ func NewCSIProxyMounter(removeSMBMappingDuringUnmount bool) (*csiProxyMounter, e
 	}, nil
 }
 
-func NewSafeMounter(removeSMBMappingDuringUnmount bool) (*mount.SafeFormatAndMount, error) {
+func NewSafeMounter(enableWindowsHostProcess, removeSMBMappingDuringUnmount bool) (*mount.SafeFormatAndMount, error) {
+	if enableWindowsHostProcess {
+		klog.V(2).Infof("using windows host process mounter")
+		return &mount.SafeFormatAndMount{
+			Interface: NewWinMounter(),
+			Exec:      utilexec.New(),
+		}, nil
+	}
 	csiProxyMounter, err := NewCSIProxyMounter(removeSMBMappingDuringUnmount)
 	if err == nil {
 		klog.V(2).Infof("using CSIProxyMounterV1, %s", csiProxyMounter.GetAPIVersions())
diff --git a/pkg/os/filesystem/filesystem.go b/pkg/os/filesystem/filesystem.go
new file mode 100644
index 00000000000..47de07d8c61
--- /dev/null
+++ b/pkg/os/filesystem/filesystem.go
@@ -0,0 +1,166 @@
+//go:build windows
+// +build windows
+
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package filesystem
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/kubernetes-csi/csi-driver-smb/pkg/util"
+	"k8s.io/klog/v2"
+)
+
+var invalidPathCharsRegexWindows = regexp.MustCompile(`["/\:\?\*|]`)
+var absPathRegexWindows = regexp.MustCompile(`^[a-zA-Z]:\\`)
+
+func containsInvalidCharactersWindows(path string) bool {
+	if isAbsWindows(path) {
+		path = path[3:]
+	}
+	if invalidPathCharsRegexWindows.MatchString(path) {
+		return true
+	}
+	if strings.Contains(path, `..`) {
+		return true
+	}
+	return false
+}
+
+func isUNCPathWindows(path string) bool {
+	// check for UNC/pipe prefixes like "\\"
+	if len(path) < 2 {
+		return false
+	}
+	if path[0] == '\\' && path[1] == '\\' {
+		return true
+	}
+	return false
+}
+
+func isAbsWindows(path string) bool {
+	// for Windows check for C:\\.. prefix only
+	// UNC prefixes of the form \\ are not considered
+	return absPathRegexWindows.MatchString(path)
+}
+
+func pathExists(path string) (bool, error) {
+	_, err := os.Lstat(path)
+	if err == nil {
+		return true, nil
+	}
+	if os.IsNotExist(err) {
+		return false, nil
+	}
+	return false, err
+}
+
+// PathExists checks if the given path exists on the host.
+func PathExists(path string) (bool, error) {
+	if err := ValidatePathWindows(path); err != nil {
+		klog.Errorf("failed validatePathWindows %v", err)
+		return false, err
+	}
+	return pathExists(path)
+}
+
+func PathValid(_ context.Context, path string) (bool, error) {
+	cmd := `Test-Path $Env:remotepath`
+	cmdEnv := fmt.Sprintf("remotepath=%s", path)
+	output, err := util.RunPowershellCmd(cmd, cmdEnv)
+	if err != nil {
+		return false, fmt.Errorf("returned output: %s, error: %v", string(output), err)
+	}
+
+	return strings.HasPrefix(strings.ToLower(string(output)), "true"), nil
+}
+
+func ValidatePathWindows(path string) error {
+	pathlen := len(path)
+
+	if pathlen > util.MaxPathLengthWindows {
+		return fmt.Errorf("path length %d exceeds maximum characters: %d", pathlen, util.MaxPathLengthWindows)
+	}
+
+	if pathlen > 0 && (path[0] == '\\') {
+		return fmt.Errorf("invalid character \\ at beginning of path: %s", path)
+	}
+
+	if isUNCPathWindows(path) {
+		return fmt.Errorf("unsupported UNC path prefix: %s", path)
+	}
+
+	if containsInvalidCharactersWindows(path) {
+		return fmt.Errorf("path contains invalid characters: %s", path)
+	}
+
+	if !isAbsWindows(path) {
+		return fmt.Errorf("not an absolute Windows path: %s", path)
+	}
+
+	return nil
+}
+
+func Rmdir(path string, force bool) error {
+	if err := ValidatePathWindows(path); err != nil {
+		return err
+	}
+
+	if force {
+		return os.RemoveAll(path)
+	}
+	return os.Remove(path)
+}
+
+func IsMountPoint(path string) (bool, error) {
+	return IsSymlink(path)
+}
+
+// IsSymlink - returns true if tgt is a mount point.
+// A path is considered a mount point if:
+// - directory exists and
+// - it is a soft link and
+// - the target path of the link exists.
+// If tgt path does not exist, it returns an error
+// if tgt path exists, but the source path tgt points to does not exist, it returns false without error.
+func IsSymlink(tgt string) (bool, error) {
+	// This code is similar to k8s.io/kubernetes/pkg/util/mount except the pathExists usage.
+	stat, err := os.Lstat(tgt)
+	if err != nil {
+		return false, err
+	}
+
+	// If its a link and it points to an existing file then its a mount point.
+	if stat.Mode()&os.ModeSymlink != 0 {
+		target, err := os.Readlink(tgt)
+		if err != nil {
+			return false, fmt.Errorf("readlink error: %v", err)
+		}
+		exists, err := pathExists(target)
+		if err != nil {
+			return false, err
+		}
+		return exists, nil
+	}
+
+	return false, nil
+}
diff --git a/pkg/os/smb/smb.go b/pkg/os/smb/smb.go
new file mode 100644
index 00000000000..5784037b652
--- /dev/null
+++ b/pkg/os/smb/smb.go
@@ -0,0 +1,113 @@
+//go:build windows
+// +build windows
+
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package smb
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/kubernetes-csi/csi-driver-smb/pkg/util"
+	"k8s.io/klog/v2"
+)
+
+func IsSmbMapped(remotePath string) (bool, error) {
+	cmdLine := `$(Get-SmbGlobalMapping -RemotePath $Env:smbremotepath -ErrorAction Stop).Status`
+	cmdEnv := fmt.Sprintf("smbremotepath=%s", remotePath)
+	out, err := util.RunPowershellCmd(cmdLine, cmdEnv)
+	if err != nil {
+		return false, fmt.Errorf("error checking smb mapping. cmd %s, output: %s, err: %v", remotePath, string(out), err)
+	}
+
+	if len(out) == 0 || !strings.EqualFold(strings.TrimSpace(string(out)), "OK") {
+		return false, nil
+	}
+	return true, nil
+}
+
+func NewSmbGlobalMapping(remotePath, username, password string) error {
+	// use PowerShell Environment Variables to store user input string to prevent command line injection
+	// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1
+	cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` +
+		`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` +
+		`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $true`)
+
+	klog.V(2).Infof("begin to run NewSmbGlobalMapping with %s, %s", remotePath, username)
+	if output, err := util.RunPowershellCmd(cmdLine, fmt.Sprintf("smbuser=%s", username),
+		fmt.Sprintf("smbpassword=%s", password),
+		fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
+		return fmt.Errorf("NewSmbGlobalMapping failed. output: %q, err: %v", string(output), err)
+	}
+	return nil
+}
+
+func RemoveSmbGlobalMapping(remotePath string) error {
+	remotePath = strings.TrimSuffix(remotePath, `\`)
+	cmd := `Remove-SmbGlobalMapping -RemotePath $Env:smbremotepath -Force`
+	klog.V(2).Infof("begin to run RemoveSmbGlobalMapping with %s", remotePath)
+	if output, err := util.RunPowershellCmd(cmd, fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
+		return fmt.Errorf("UnmountSmbShare failed. output: %q, err: %v", string(output), err)
+	}
+	return nil
+}
+
+// GetRemoteServerFromTarget- gets the remote server path given a mount point, the function is recursive until it find the remote server or errors out
+func GetRemoteServerFromTarget(mount string) (string, error) {
+	target, err := os.Readlink(mount)
+	klog.V(2).Infof("read link for mount %s, target: %s", mount, target)
+	if err != nil || len(target) == 0 {
+		return "", fmt.Errorf("error reading link for mount %s. target %s err: %v", mount, target, err)
+	}
+	return strings.TrimSpace(target), nil
+}
+
+// CheckForDuplicateSMBMounts checks if there is any other SMB mount exists on the same remote server
+func CheckForDuplicateSMBMounts(dir, mount, remoteServer string) (bool, error) {
+	files, err := os.ReadDir(dir)
+	if err != nil {
+		return false, err
+	}
+
+	for _, file := range files {
+		klog.V(6).Infof("checking file %s", file.Name())
+		if file.IsDir() {
+			globalMountPath := filepath.Join(dir, file.Name(), "globalmount")
+			if strings.EqualFold(filepath.Clean(globalMountPath), filepath.Clean(mount)) {
+				klog.V(2).Infof("skip current mount path %s", mount)
+			} else {
+				fileInfo, err := os.Lstat(globalMountPath)
+				// check if the file is a symlink, if yes, check if it is pointing to the same remote server
+				if err == nil && fileInfo.Mode()&os.ModeSymlink != 0 {
+					remoteServerPath, err := GetRemoteServerFromTarget(globalMountPath)
+					klog.V(2).Infof("checking remote server path %s on local path %s", remoteServerPath, globalMountPath)
+					if err == nil {
+						if remoteServerPath == remoteServer {
+							return true, nil
+						}
+					} else {
+						klog.Errorf("GetRemoteServerFromTarget(%s) failed with %v", globalMountPath, err)
+					}
+				}
+			}
+		}
+	}
+	return false, err
+}
diff --git a/pkg/os/smb/smb_test.go b/pkg/os/smb/smb_test.go
new file mode 100644
index 00000000000..98dc67406c4
--- /dev/null
+++ b/pkg/os/smb/smb_test.go
@@ -0,0 +1,59 @@
+//go:build windows
+// +build windows
+
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package smb
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestCheckForDuplicateSMBMounts(t *testing.T) {
+	tests := []struct {
+		name           string
+		dir            string
+		mount          string
+		remoteServer   string
+		expectedResult bool
+		expectedError  error
+	}{
+		{
+			name:           "directory does not exist",
+			dir:            "non-existing-mount",
+			expectedResult: false,
+			expectedError:  fmt.Errorf("open non-existing-mount: The system cannot find the file specified."),
+		},
+	}
+
+	for _, test := range tests {
+		result, err := CheckForDuplicateSMBMounts(test.dir, test.mount, test.remoteServer)
+		if result != test.expectedResult {
+			t.Errorf("Expected %v, got %v", test.expectedResult, result)
+		}
+		if err == nil && test.expectedError != nil {
+			t.Errorf("Expected error %v, got nil", test.expectedError)
+		}
+		if err != nil && test.expectedError == nil {
+			t.Errorf("Expected nil, got %v", err)
+		}
+		if err != nil && test.expectedError != nil && err.Error() != test.expectedError.Error() {
+			t.Errorf("Expected error %v, got %v", test.expectedError, err)
+		}
+	}
+}
diff --git a/pkg/smb/fake_mounter.go b/pkg/smb/fake_mounter.go
index c874ed6a33a..c06fdd2a6a0 100644
--- a/pkg/smb/fake_mounter.go
+++ b/pkg/smb/fake_mounter.go
@@ -65,7 +65,7 @@ func (f *fakeMounter) IsLikelyNotMountPoint(file string) (bool, error) {
 
 func NewFakeMounter() (*mount.SafeFormatAndMount, error) {
 	if runtime.GOOS == "windows" {
-		return mounter.NewSafeMounter(true)
+		return mounter.NewSafeMounter(true, true)
 	}
 	return &mount.SafeFormatAndMount{
 		Interface: &fakeMounter{},
diff --git a/pkg/smb/smb.go b/pkg/smb/smb.go
index ffb18ca0d8e..a4e27abf061 100644
--- a/pkg/smb/smb.go
+++ b/pkg/smb/smb.go
@@ -73,6 +73,7 @@ type DriverOptions struct {
 	Krb5Prefix                    string
 	DefaultOnDeletePolicy         string
 	RemoveArchivedVolumePath      bool
+	EnableWindowsHostProcess      bool
 }
 
 // Driver implements all interfaces of CSI drivers
@@ -100,6 +101,7 @@ type Driver struct {
 	krb5Prefix                    string
 	defaultOnDeletePolicy         string
 	removeArchivedVolumePath      bool
+	enableWindowsHostProcess      bool
 }
 
 // NewDriver Creates a NewCSIDriver object. Assumes vendor version is equal to driver version &
@@ -113,6 +115,7 @@ func NewDriver(options *DriverOptions) *Driver {
 	driver.removeSMBMappingDuringUnmount = options.RemoveSMBMappingDuringUnmount
 	driver.removeArchivedVolumePath = options.RemoveArchivedVolumePath
 	driver.workingMountDir = options.WorkingMountDir
+	driver.enableWindowsHostProcess = options.EnableWindowsHostProcess
 	driver.volumeLocks = newVolumeLocks()
 
 	driver.krb5CacheDirectory = options.Krb5CacheDirectory
@@ -146,7 +149,7 @@ func (d *Driver) Run(endpoint, _ string, testMode bool) {
 	}
 	klog.V(2).Infof("\nDRIVER INFORMATION:\n-------------------\n%s\n\nStreaming logs below:", versionMeta)
 
-	d.mounter, err = mounter.NewSafeMounter(d.removeSMBMappingDuringUnmount)
+	d.mounter, err = mounter.NewSafeMounter(d.enableWindowsHostProcess, d.removeSMBMappingDuringUnmount)
 	if err != nil {
 		klog.Fatalf("Failed to get safe mounter. Error: %v", err)
 	}
diff --git a/pkg/util/util.go b/pkg/util/util.go
index 06b626cb849..638e8391bf3 100644
--- a/pkg/util/util.go
+++ b/pkg/util/util.go
@@ -17,9 +17,17 @@ limitations under the License.
 package util
 
 import (
+	"k8s.io/klog/v2"
+	"os"
+	"os/exec"
 	"time"
 )
 
+const MaxPathLengthWindows = 260
+
+// control the number of concurrent powershell commands running on Windows node
+var powershellCmdSem = make(chan struct{}, 3)
+
 // ExecFunc returns a exec function's output and error
 type ExecFunc func() (err error)
 
@@ -46,3 +54,14 @@ func WaitUntilTimeout(timeout time.Duration, execFunc ExecFunc, timeoutFunc Time
 		return timeoutFunc()
 	}
 }
+
+func RunPowershellCmd(command string, envs ...string) ([]byte, error) {
+	// acquire a semaphore to limit the number of concurrent operations
+	powershellCmdSem <- struct{}{}
+	defer func() { <-powershellCmdSem }()
+
+	cmd := exec.Command("powershell", "-Mta", "-NoProfile", "-Command", command)
+	cmd.Env = append(os.Environ(), envs...)
+	klog.V(6).Infof("Executing command: %q", cmd.String())
+	return cmd.CombinedOutput()
+}