RE: [ActiveDir] [OT] NTFS Read-only Status

[joe]

Now we just have to make sure it can work in this environment. :o)   The original implementation appears to be for VSS which doesn't do anything with multiple shared machines. I am confident I have written a tool that will lock a volume on a server. Now if that volume is on a SAN we have to verify if the same thing will work. I am not sure at what level the change is being made at.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Sunday, August 08, 2004 5:56 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status Oh that’s easy. J   Let’s assume you have a SAN. For example, an HP MSA-1000, with seven servers connected to it. You have two clustered SQL servers and five web servers.   The web servers generate dynamic content based on information stored in the SQL databases, plus a fair bit of “static” content (in this customer’s mind, static is anything that isn’t dynamic – which doesn’t fit with my definition, but that’s beside the point). The static content is of a fair-size (about 75 GB currently and growing to about 500 GB over the next few months as more publications come on line) and various piece-parts of it get updated constantly.   Instead of copying the static content around five various web servers (using whatever deployment tool of choice you have) – you put it in one place. Instant updates on all web servers. Cost? Maybe a rolling reboot.   Could I share a network drive via SMB/CIFS to get this capability? Absolutely. Do I want that overhead? Nope.   The web servers should never have the capability of updating the content (be it compromise or buggy program). This tool gives me the capability of preventing that from occurring.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Sunday, August 08, 2004 4:14 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status   What's an example of when this might be useful?   --brian -----Original Message----- From: joe [mailto:[EMAIL PROTECTED] Sent: Sun 8/8/2004 12:24 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] [OT] NTFS Read-only Status New update.   Everything needed is in the Platform SDK and DDK to do this. The only DDK file needed is the ntddvol.h header file.   I have done it.   Quick notes... Dean helped me work out why I tapped two volumes instead of one... Both volumes were on the same physical drive (physical as defined by the OS). This wouldn't have happened had I been running Dynamic disks though. A dynamic disk will let you do any single volume, a Basic disk makes you do the whole disk.   This works on FAT and NTFS volumes.   The command line joeware tool is called WriteProt. You can find it in the usual place...  I am wondering if I should make a GUI version of this.... And if I do, how much should I charge for it. :o)     C:\temp\disktest>writeprot /mview   WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004   Volume: C:  READ/WRITE Volume: D:  READ/WRITE Volume: E:  READ/WRITE Volume: F:  READ/WRITE Volume: G:  READ/WRITE Volume: H:  READ/WRITE Volume: I:  READ/WRITE Volume: J:  READ/WRITE Volume: K:  READ/WRITE Volume: L:  READ/WRITE Volume: M:  READ/WRITE Volume: N:  READ/WRITE   The command completed successfully.     C:\temp\disktest>writeprot /ro /vol d:   WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004   Configuring read-only status for volume d:..   The command completed successfully.     C:\temp\disktest>echo Joe Rocks > d:\joe.txt The media is write protected.   C:\temp\disktest>writeprot /mview   WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004   Volume: C:  READ/WRITE Volume: D:  READ-ONLY Volume: E:  READ/WRITE Volume: F:  READ/WRITE Volume: G:  READ/WRITE Volume: H:  READ/WRITE Volume: I:  READ/WRITE Volume: J:  READ/WRITE Volume: K:  READ/WRITE Volume: L:  READ/WRITE Volume: M:  READ/WRITE Volume: N:  READ/WRITE   The command completed successfully.     C:\temp\disktest>writeprot /rw /vol d:   WriteProt V01.00.00cpp Joe Richards ([EMAIL PROTECTED]) August 2004   Configuring read-write status for volume d:..   The command completed successfully.     C:\temp\disktest>echo Joe Rocks > d:\joe.txt   C:\temp\disktest>  joe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, August 06, 2004 4:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status Update on this.   I chatted with Molly a little more then started playing... As my initial thoughts were ("there might be something in the DeviceIoControl function that could be leveraged"), there are some iocontrol codes you can play with and I started playing with them...   Let's just say I have just recovered my machine from write-protecting two of my volumes (I was shooting for one empty one but someone also got the 80gb ( with 8GB free) volume I was running from which had all my crap on it including the program that I was playing with...).   So now the goal is to see if I can get it to hit just one volume when I say I want one volume and to see if I can do it safely, my machine was rebooted more in the last 30 minutes than it has been in the last 12 months...   Also no more playing on my dev machine with this kind of code, only in virtual sessions....         From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, August 02, 2004 5:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status Chat with your SAN people and see if they can somehow have it report the volume as read only. Sounds like earlier versions of the OS would be say no-way jose and refuse top mount, but XP/K3 should be ok with it.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, August 02, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status That was what I wanted. :-)   I'm building web farms on top of a couple of SANs. I want to share static data as read-only.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, August 02, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status I bugged Molly. Extremely nice person. :o)   The VSS driver underlying the file system is doing it. The driver tells the file system the volume is read only and as mentioned below about the I/O Subsystem enhancement when the file system sees that, it mounts as read-only instead of failing to mount.   So sounds like this would be a heavy duty exercise for an arbitrary volume.   Now if this was through a SAN though... I would wonder if you could have the SAN tell the OS the volume is read-only and the OS would be ok with it...     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Sunday, August 01, 2004 9:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status It was Molly Brown’s posts that led me to believe it was possible. To wit:   http://www.osronline.com/lists_archive/ntfsd/thread1636.html (message 7 in thread)   and others by her…   Dan Lovinger (danlo) also has a number of posts on the topic and says it’s documented in the “IFS Kit” (and while I can presume what IFS means,  I’m certainly not up to writing a filesystem for this purpose).   I guess it’s just over my head and not generally available at this time.   I’m not well enough connected to bug the folks you mention.   Thanks for your reply.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, August 01, 2004 6:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] [OT] NTFS Read-only Status   This one had me poking around as this would be interesting functionality. I found one hit in the newsgroups from a Molly Brown (mollybro) saying it is possible and a one liner in MSDN around I/O Subsystem enhancements .   "NTFS will now mount read-only on an underlying read-only volume. If the volume requires a log restart or a Chkdsk, the mount will fail."   That would seem to mean to me that it will do it automatically if the volume itself is somehow read only through the hardware versus failing to mount at all.       Otherwise I  looked at the obvious candidates for doing that like fsutil and mountvol and see nothing. The root api that I am aware of is SetVolumeMountPoint and it doesn't have way to specify optional params like that...   http://msdn.microsoft.com/library/default.asp?url="">     Possibly there is something in the Shadow Copy API which MS is hiding from normal people at the moment, you have to be an ISV (and under NDA) to see them or alternatively, there might be something in the DeviceIoControl function that could be leveraged. I will admit to not messing around in that area at all. Might be a good question to send to Solomon or Russinovich...       joe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Friday, July 23, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] [OT] NTFS Read-only Status I've tried this on other groups, and it is not A/D related. But you guys know so much...   I want a way to mount an NTFS volume read-only. I want a magic command like "mode e: read-only". :-)   It is clear to me (and I've found references) that this is supported with NTFS (Windows XP and above), but I cannot figure out/find out how to set it.   Any ideas?   Thanks, Michael