Page 1 of 2
How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 28 Sep 2021 17:38
by GInfo
Hi Folks,
I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)
the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.
EDIT: Target Operational Sytem are Windows 7 to Windows 10 (Language PT-BR)
another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.
If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.
the final result of the script, including the other verification methods, will be:
Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner
This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 28 Sep 2021 19:42
by Squashman
That is a big description about something but I am not understanding what your problem or question is. Do you have any code that you need help with or were you expecting someone to write a bunch of free code for you?
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 06:14
by atfon
It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:
https://docs.microsoft.com/en-us/window ... til-fsinfo
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 07:44
by Squashman
atfon wrote: ↑29 Sep 2021 06:14
You need to run it as Administrator
Not on Windows 10. You did previously on Windows 7.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 08:16
by atfon
Squashman wrote: ↑29 Sep 2021 07:44
atfon wrote: ↑29 Sep 2021 06:14
You need to run it as Administrator
Not on Windows 10. You did previously on Windows 7.
Interesting. Microsoft should really update their documentation:
https://docs.microsoft.com/en-us/window ... nds/fsutil
You must be logged on as an administrator or a member of the Administrators group to use fsutil.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 11:25
by miskox
I can't run in it on Windows 10 without admin rights.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 11:52
by atfon
miskox wrote: ↑29 Sep 2021 11:25
I can't run in it on Windows 10 without admin rights.
I was reviewing some old posts and I believe the reason Steffen uses net session in the info.bat script on this forum is due to fsutil no longer requiring Admin rights:
viewtopic.php?p=49172#p49172
I wonder if this has to do with what command you use with fsutil when run without elevation?
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 12:56
by OJBakker
I have tested fsutil on my system (windows 10)
command: fsutil fsinfo volumeinfo driveletter:
for the internal harddisks/partitions : requires administrator rights.
for external harddisks (usb) : does not require administrator rights.
So there is no Yes, no No, just a Maybe and trial and error on Windows 10.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 14:52
by Compo
If your batch file is already running from that drive, then it cannot be 'read only', just 'read', as it clearly has the 'execute' attribute! Are you therefore trying to determine whether the root directory, and/or its children are writeable? or something else?
Here's a quick untested idea:
Code: Select all
@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 22:25
by GInfo
atfon wrote: ↑29 Sep 2021 06:14
It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:
https://docs.microsoft.com/en-us/window ... til-fsinfo
Thank you very much for the tip, Atfon. But on the target operational system the fsutil fsinfo volumeinfo Drive: command does not show about readonly disk status. (Windows 7 PRO pt-br)
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 29 Sep 2021 22:57
by GInfo
GInfo wrote: ↑28 Sep 2021 17:38
Hi Folks,
I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)
the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.
another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.
If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.
the final result of the script, including the other verification methods, will be:
Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner
This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised.
Hi again,
well, as I still haven't got an alternative, I tried a script using the Diskpart command. it works, but...
the problems involved in it are:
1 - this is not accurate in the automatic choice of disk. because it chooses the unit for its equivalent size.
2 - requires administrative rights
3 - requires writing to disk (%temp%)
Code: Select all
set idcd=%cd:~0,+1%
echo list volume>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do set disksize=%%i
echo list disk>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=2 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disksize%"')do set diskn=%%i
(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i
IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%: IS NOT PROTECTED!
DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1
pause
Another alternative but that only works with removable drives and has the same problems as the code above, using the wmic command to identify the disk.
*there can only be one removable disk connected
Code: Select all
set idcd=%cd:~0,+2%
wmic logicaldisk get Description, DeviceID, VolumeName >"%Temp%\psmdd1.dat"
FOR /F "tokens=1,4 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do (
set disktype=%%i
set disklabel=%%j
)
wmic diskdrive get Index, MediaType >"%Temp%\psmdd1.dat"
FOR /F "tokens=1 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disktype%"')do set diskn=%%i
(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i
IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%(%disklabel%) IS NOT PROTECTED!
DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1
pause
I'm still looking for an alternative to Diskpart...
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 30 Sep 2021 11:33
by elzooilogico
can anyone test if
viewtopic.php?p=49172#p49201 change the fsutil behaviour? I don’t have access to a win machine
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 30 Sep 2021 12:04
by Compo
GInfo wrote: ↑29 Sep 2021 22:57
Hi again,
well, as I still haven't got an alternative, <Snip>
</Snip>
I'm still looking for an alternative to Diskpart...
I thought that my previous reply may have been an alternative?
Granted it is untested, and is only available in Windows 8/Server 2012 onwards
Compo wrote: ↑29 Sep 2021 14:52
Here's a quick untested idea:
Code: Select all
@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 30 Sep 2021 15:37
by GInfo
Compo wrote: ↑30 Sep 2021 12:04
GInfo wrote: ↑29 Sep 2021 22:57
Hi again,
well, as I still haven't got an alternative, <Snip>
</Snip>
I'm still looking for an alternative to Diskpart...
I thought that my previous reply may have been an alternative?
Granted it is untested, and is only available in Windows 8/Server 2012 onwards
Compo wrote: ↑29 Sep 2021 14:52
Here's a quick untested idea:
Code: Select all
@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected
Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.
Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk
Posted: 30 Sep 2021 17:32
by Compo
GInfo wrote: ↑30 Sep 2021 15:37
Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.
Well your question, at the time of both the original code and my repost of it, did not stipulate the Operating Systems it must work on, and of your provided range, that methodology would only exclude Windows 7 / Server 2008 R2, both of which were released twelve years ago, and have been out of support for almost two years now!
At least you've now made that correction / edit to your opening post.