How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Message
Author
GInfo
Posts: 4
Joined: 28 Sep 2021 17:24

How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#1 Post by GInfo » 28 Sep 2021 17:38

Hi Folks,

I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)

the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.

EDIT: Target Operational Sytem are Windows 7 to Windows 10 (Language PT-BR)

another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.

If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.

the final result of the script, including the other verification methods, will be:

Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner

This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised. ;)
Last edited by GInfo on 30 Sep 2021 15:40, edited 1 time in total.

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#2 Post by Squashman » 28 Sep 2021 19:42

That is a big description about something but I am not understanding what your problem or question is. Do you have any code that you need help with or were you expecting someone to write a bunch of free code for you?

atfon
Posts: 178
Joined: 06 Oct 2017 07:33

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#3 Post by atfon » 29 Sep 2021 06:14

It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:

Code: Select all

fsutil fsinfo volumeinfo C:
https://docs.microsoft.com/en-us/window ... til-fsinfo

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#4 Post by Squashman » 29 Sep 2021 07:44

atfon wrote:
29 Sep 2021 06:14
You need to run it as Administrator
Not on Windows 10. You did previously on Windows 7.

atfon
Posts: 178
Joined: 06 Oct 2017 07:33

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#5 Post by atfon » 29 Sep 2021 08:16

Squashman wrote:
29 Sep 2021 07:44
atfon wrote:
29 Sep 2021 06:14
You need to run it as Administrator
Not on Windows 10. You did previously on Windows 7.
Interesting. Microsoft should really update their documentation:

https://docs.microsoft.com/en-us/window ... nds/fsutil
You must be logged on as an administrator or a member of the Administrators group to use fsutil.

miskox
Posts: 553
Joined: 28 Jun 2010 03:46

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#6 Post by miskox » 29 Sep 2021 11:25

I can't run in it on Windows 10 without admin rights.

atfon
Posts: 178
Joined: 06 Oct 2017 07:33

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#7 Post by atfon » 29 Sep 2021 11:52

miskox wrote:
29 Sep 2021 11:25
I can't run in it on Windows 10 without admin rights.
I was reviewing some old posts and I believe the reason Steffen uses net session in the info.bat script on this forum is due to fsutil no longer requiring Admin rights:

viewtopic.php?p=49172#p49172

I wonder if this has to do with what command you use with fsutil when run without elevation?

OJBakker
Expert
Posts: 88
Joined: 12 Aug 2011 13:57

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#8 Post by OJBakker » 29 Sep 2021 12:56

I have tested fsutil on my system (windows 10)
command: fsutil fsinfo volumeinfo driveletter:
for the internal harddisks/partitions : requires administrator rights.
for external harddisks (usb) : does not require administrator rights.

So there is no Yes, no No, just a Maybe and trial and error on Windows 10.

Compo
Posts: 599
Joined: 21 Mar 2014 08:50

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#9 Post by Compo » 29 Sep 2021 14:52

If your batch file is already running from that drive, then it cannot be 'read only', just 'read', as it clearly has the 'execute' attribute! Are you therefore trying to determine whether the root directory, and/or its children are writeable? or something else?

Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected

GInfo
Posts: 4
Joined: 28 Sep 2021 17:24

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#10 Post by GInfo » 29 Sep 2021 22:25

atfon wrote:
29 Sep 2021 06:14
It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:

Code: Select all

fsutil fsinfo volumeinfo C:
https://docs.microsoft.com/en-us/window ... til-fsinfo
Thank you very much for the tip, Atfon. But on the target operational system the fsutil fsinfo volumeinfo Drive: command does not show about readonly disk status. (Windows 7 PRO pt-br) :roll:

GInfo
Posts: 4
Joined: 28 Sep 2021 17:24

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#11 Post by GInfo » 29 Sep 2021 22:57

GInfo wrote:
28 Sep 2021 17:38
Hi Folks,

I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)

the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.

another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.

If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.

the final result of the script, including the other verification methods, will be:

Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner

This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised. ;)
Hi again,

well, as I still haven't got an alternative, I tried a script using the Diskpart command. it works, but...
the problems involved in it are:
1 - this is not accurate in the automatic choice of disk. because it chooses the unit for its equivalent size.
2 - requires administrative rights
3 - requires writing to disk (%temp%)

Code: Select all

set idcd=%cd:~0,+1%

echo list volume>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do set disksize=%%i

echo list disk>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=2 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disksize%"')do set diskn=%%i

(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"

diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i

IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%: IS NOT PROTECTED!

DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1

pause
Another alternative but that only works with removable drives and has the same problems as the code above, using the wmic command to identify the disk.
*there can only be one removable disk connected

Code: Select all

set idcd=%cd:~0,+2%

wmic logicaldisk get Description, DeviceID, VolumeName >"%Temp%\psmdd1.dat"
FOR /F "tokens=1,4 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do (
set disktype=%%i
set disklabel=%%j
)

wmic diskdrive get Index, MediaType >"%Temp%\psmdd1.dat"
FOR /F "tokens=1 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disktype%"')do set diskn=%%i

(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"

diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i

IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%(%disklabel%) IS NOT PROTECTED!

DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1

pause

I'm still looking for an alternative to Diskpart...

elzooilogico
Posts: 128
Joined: 23 May 2016 15:39
Location: Spain

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#12 Post by elzooilogico » 30 Sep 2021 11:33

can anyone test if viewtopic.php?p=49172#p49201 change the fsutil behaviour? I don’t have access to a win machine

Compo
Posts: 599
Joined: 21 Mar 2014 08:50

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#13 Post by Compo » 30 Sep 2021 12:04

GInfo wrote:
29 Sep 2021 22:57
Hi again,

well, as I still haven't got an alternative, <Snip>

</Snip>
I'm still looking for an alternative to Diskpart...
I thought that my previous reply may have been an alternative? Granted it is untested, and is only available in Windows 8/Server 2012 onwards
Compo wrote:
29 Sep 2021 14:52
Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected

GInfo
Posts: 4
Joined: 28 Sep 2021 17:24

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#14 Post by GInfo » 30 Sep 2021 15:37

Compo wrote:
30 Sep 2021 12:04
GInfo wrote:
29 Sep 2021 22:57
Hi again,

well, as I still haven't got an alternative, <Snip>

</Snip>
I'm still looking for an alternative to Diskpart...
I thought that my previous reply may have been an alternative? Granted it is untested, and is only available in Windows 8/Server 2012 onwards
Compo wrote:
29 Sep 2021 14:52
Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected
Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.

Compo
Posts: 599
Joined: 21 Mar 2014 08:50

Re: How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

#15 Post by Compo » 30 Sep 2021 17:32

GInfo wrote:
30 Sep 2021 15:37
Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.
Well your question, at the time of both the original code and my repost of it, did not stipulate the Operating Systems it must work on, and of your provided range, that methodology would only exclude Windows 7 / Server 2008 R2, both of which were released twelve years ago, and have been out of support for almost two years now!

At least you've now made that correction / edit to your opening post.

Post Reply