How to get READONLY Status for Current disk drive (usb) - like diskpart/attr disk

[GInfo]

Hi Folks,

I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)

the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.

EDIT: Target Operational Sytem are Windows 7 to Windows 10 (Language PT-BR)

another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.

If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.

the final result of the script, including the other verification methods, will be:

Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner

This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised.

[Squashman]

That is a big description about something but I am not understanding what your problem or question is. Do you have any code that you need help with or were you expecting someone to write a bunch of free code for you?

[atfon]

It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:

Code: Select all

fsutil fsinfo volumeinfo C:

https://docs.microsoft.com/en-us/window ... til-fsinfo

[Squashman]

You need to run it as Administrator

Not on Windows 10. You did previously on Windows 7.

[atfon]

You need to run it as Administrator

Not on Windows 10. You did previously on Windows 7.

Interesting. Microsoft should really update their documentation:

https://docs.microsoft.com/en-us/window ... nds/fsutil

You must be logged on as an administrator or a member of the Administrators group to use fsutil.

[miskox]

I can't run in it on Windows 10 without admin rights.

[atfon]

I can't run in it on Windows 10 without admin rights.

I was reviewing some old posts and I believe the reason Steffen uses net session in the info.bat script on this forum is due to fsutil no longer requiring Admin rights:

viewtopic.php?p=49172#p49172

I wonder if this has to do with what command you use with fsutil when run without elevation?

[OJBakker]

I have tested fsutil on my system (windows 10)
command: fsutil fsinfo volumeinfo driveletter:
for the internal harddisks/partitions : requires administrator rights.
for external harddisks (usb) : does not require administrator rights.

So there is no Yes, no No, just a Maybe and trial and error on Windows 10.

[Compo]

If your batch file is already running from that drive, then it cannot be 'read only', just 'read', as it clearly has the 'execute' attribute! Are you therefore trying to determine whether the root directory, and/or its children are writeable? or something else?

Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected

[GInfo]

It can be a bit of a pain to script for diskpart as it requires an external file. I would suggest fsutil. You need to run it as Administrator, but you can capture Read/Write or Read Only information for a drive. For example:

Code: Select all

fsutil fsinfo volumeinfo C:

https://docs.microsoft.com/en-us/window ... til-fsinfo

Thank you very much for the tip, Atfon. But on the target operational system the fsutil fsinfo volumeinfo Drive: command does not show about readonly disk status. (Windows 7 PRO pt-br)

[GInfo]

Hi Folks,

I'm trying a script to get the readonly status set by the Diskpart / attr disk set readonly command, but to the disk drive where the script is running, like a flash drive. (current disk)

the result (Readonly: Yes / No) will be used to alert the user that the disk is unprotected for writing.

another method of checking write permissions (NTFS) is already in use, including testing to store a file on disk.

If there is another way or command to acquire the readonly disc status everything is fine, as long as it is the same result acquired with diskpart/attr disk.

the final result of the script, including the other verification methods, will be:

Readonly: Yes/No
NTFS Permission to write: Yes/No
Owner: owner

This script will be used to monitor disk access in real time (every x seconds) as some malware may try to modify readonly disk, NTFS permissions or take over files. if this happens the user will be alerted that the disk has been compromised.

Hi again,

well, as I still haven't got an alternative, I tried a script using the Diskpart command. it works, but...
the problems involved in it are:
1 - this is not accurate in the automatic choice of disk. because it chooses the unit for its equivalent size.
2 - requires administrative rights
3 - requires writing to disk (%temp%)

Code: Select all

set idcd=%cd:~0,+1%

echo list volume>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do set disksize=%%i

echo list disk>"%Temp%\psmds1.dat"
diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=2 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disksize%"')do set diskn=%%i

(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"

diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i

IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%: IS NOT PROTECTED!

DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1

pause

Another alternative but that only works with removable drives and has the same problems as the code above, using the wmic command to identify the disk.
*there can only be one removable disk connected

Code: Select all

set idcd=%cd:~0,+2%

wmic logicaldisk get Description, DeviceID, VolumeName >"%Temp%\psmdd1.dat"
FOR /F "tokens=1,4 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%idcd%"')do (
set disktype=%%i
set disklabel=%%j
)

wmic diskdrive get Index, MediaType >"%Temp%\psmdd1.dat"
FOR /F "tokens=1 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "%disktype%"')do set diskn=%%i

(
echo select disk %diskn%
echo attr disk
) >"%Temp%\psmds1.dat"

diskpart /s "%temp%\psmds1.dat" >"%Temp%\psmdd1.dat"
FOR /F "tokens=5 delims= " %%i in ('type "%Temp%\psmdd1.dat" ^| find "Current Read-only State:"')do set readonly=%%i

IF "%readonly%"=="No" echo THE DISC %diskn% - %idcd%(%disklabel%) IS NOT PROTECTED!

DEL /Q "%Temp%\psmdd1.dat" >nul 2>&1
DEL /Q "%Temp%\psmds1.dat" >nul 2>&1

pause

I'm still looking for an alternative to Diskpart...

[elzooilogico]

can anyone test if viewtopic.php?p=49172#p49201 change the fsutil behaviour? I don’t have access to a win machine

[Compo]

Hi again,

well, as I still haven't got an alternative, <Snip>

</Snip>
I'm still looking for an alternative to Diskpart...

I thought that my previous reply may have been an alternative? Granted it is untested, and is only available in Windows 8/Server 2012 onwards

Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected

[GInfo]

Hi again,

well, as I still haven't got an alternative, <Snip>

</Snip>
I'm still looking for an alternative to Diskpart...

I thought that my previous reply may have been an alternative? Granted it is untested, and is only available in Windows 8/Server 2012 onwards

Here's a quick untested idea:

Code: Select all

@Set "DL=%~d0"
@"%SystemRoot%\System32\wbem\WMIC.exe" /NameSpace:"\\ROOT\Microsoft\Windows\Storage" Path "MSFT_Partition" Where DriveLetter="%DL:~,1%" Get "IsReadOnly" 2>NUL | "%SystemRoot%\System32\find.exe" "TRUE" 1>NUL && Echo %DL% is write protected

Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.

[Compo]

Thank you very much friend, but this script does not work on target operating system (windows 7 up to 10 - PT-BR). but I'll save your tip for newer versions.

Well your question, at the time of both the original code and my repost of it, did not stipulate the Operating Systems it must work on, and of your provided range, that methodology would only exclude Windows 7 / Server 2008 R2, both of which were released twelve years ago, and have been out of support for almost two years now!

At least you've now made that correction / edit to your opening post.