Say you want a specific disk volume read-only even if an Admin tries to write to it. This might be going a bit far, but there are some admins out there who shouldn't have admin rights... joe
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Sunday, August 08, 2004 4:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status What's an example of when this might be useful? --brian -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Sun 8/8/2004 12:24 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] [OT] NTFS Read-only Status New update. Everything needed is in the Platform SDK and DDK to do this. The only DDK file needed is the ntddvol.h header file. I have done it. Quick notes... Dean helped me work out why I tapped two volumes instead of one... Both volumes were on the same physical drive (physical as defined by the OS). This wouldn't have happened had I been running Dynamic disks though. A dynamic disk will let you do any single volume, a Basic disk makes you do the whole disk. This works on FAT and NTFS volumes. The command line joeware tool is called WriteProt. You can find it in the usual place... I am wondering if I should make a GUI version of this.... And if I do, how much should I charge for it. :o) C:\temp\disktest>writeprot /mview WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004 Volume: C: READ/WRITE Volume: D: READ/WRITE Volume: E: READ/WRITE Volume: F: READ/WRITE Volume: G: READ/WRITE Volume: H: READ/WRITE Volume: I: READ/WRITE Volume: J: READ/WRITE Volume: K: READ/WRITE Volume: L: READ/WRITE Volume: M: READ/WRITE Volume: N: READ/WRITE The command completed successfully. C:\temp\disktest>writeprot /ro /vol d: WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004 Configuring read-only status for volume d:.. The command completed successfully. C:\temp\disktest>echo Joe Rocks > d:\joe.txt The media is write protected. C:\temp\disktest>writeprot /mview WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004 Volume: C: READ/WRITE Volume: D: READ-ONLY Volume: E: READ/WRITE Volume: F: READ/WRITE Volume: G: READ/WRITE Volume: H: READ/WRITE Volume: I: READ/WRITE Volume: J: READ/WRITE Volume: K: READ/WRITE Volume: L: READ/WRITE Volume: M: READ/WRITE Volume: N: READ/WRITE The command completed successfully. C:\temp\disktest>writeprot /rw /vol d: WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004 Configuring read-write status for volume d:.. The command completed successfully. C:\temp\disktest>echo Joe Rocks > d:\joe.txt C:\temp\disktest> joe _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, August 06, 2004 4:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status Update on this. I chatted with Molly a little more then started playing... As my initial thoughts were ("there might be something in the DeviceIoControl function that could be leveraged"), there are some iocontrol codes you can play with and I started playing with them... Let's just say I have just recovered my machine from write-protecting two of my volumes (I was shooting for one empty one but someone also got the 80gb ( with 8GB free) volume I was running from which had all my crap on it including the program that I was playing with...). So now the goal is to see if I can get it to hit just one volume when I say I want one volume and to see if I can do it safely, my machine was rebooted more in the last 30 minutes than it has been in the last 12 months... Also no more playing on my dev machine with this kind of code, only in virtual sessions.... _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, August 02, 2004 5:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status Chat with your SAN people and see if they can somehow have it report the volume as read only. Sounds like earlier versions of the OS would be say no-way jose and refuse top mount, but XP/K3 should be ok with it. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, August 02, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status That was what I wanted. :-) I'm building web farms on top of a couple of SANs. I want to share static data as read-only. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, August 02, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status I bugged Molly. Extremely nice person. :o) The VSS driver underlying the file system is doing it. The driver tells the file system the volume is read only and as mentioned below about the I/O Subsystem enhancement when the file system sees that, it mounts as read-only instead of failing to mount. So sounds like this would be a heavy duty exercise for an arbitrary volume. Now if this was through a SAN though... I would wonder if you could have the SAN tell the OS the volume is read-only and the OS would be ok with it... joe _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Sunday, August 01, 2004 9:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status It was Molly Brown's posts that led me to believe it was possible. To wit: http://www.osronline.com/lists_archive/ntfsd/thread1636.html (message 7 in thread) and others by her... Dan Lovinger (danlo) also has a number of posts on the topic and says it's documented in the "IFS Kit" (and while I can presume what IFS means, I'm certainly not up to writing a filesystem for this purpose). I guess it's just over my head and not generally available at this time. I'm not well enough connected to bug the folks you mention. Thanks for your reply. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, August 01, 2004 6:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status This one had me poking around as this would be interesting functionality. I found one hit in the newsgroups from a Molly Brown (mollybro) saying it is possible and a one liner in MSDN around I/O Subsystem enhancements . "NTFS will now mount read-only on an underlying read-only volume. If the volume requires a log restart or a Chkdsk, the mount will fail." That would seem to mean to me that it will do it automatically if the volume itself is somehow read only through the hardware versus failing to mount at all. Otherwise I looked at the obvious candidates for doing that like fsutil and mountvol and see nothing. The root api that I am aware of is SetVolumeMountPoint and it doesn't have way to specify optional params like that... http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base /setvolumemountpoint.asp Possibly there is something in the Shadow Copy API which MS is hiding from normal people at the moment, you have to be an ISV (and under NDA) to see them or alternatively, there might be something in the DeviceIoControl function that could be leveraged. I will admit to not messing around in that area at all. Might be a good question to send to Solomon or Russinovich... joe _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Friday, July 23, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] [OT] NTFS Read-only Status I've tried this on other groups, and it is not A/D related. But you guys know so much... I want a way to mount an NTFS volume read-only. I want a magic command like "mode e: read-only". :-) It is clear to me (and I've found references) that this is supported with NTFS (Windows XP and above), but I cannot figure out/find out how to set it. Any ideas? Thanks, Michael
<<attachment: winmail.dat>>
