1

When you set the read-only attribute on a disk or partition with diskpart, is it stored on the disk itself? Some answers here say yes, but in my experience it is not saved on the disk. I marked a removable USB disk read-only on one machine (win 8.1), brought it to another machine (win10), and diskpart does not show it as read-only. Is there an option to save this attribute on the disk?

ddbug
  • 231

4 Answers

3

Short answer:

Attributes DISK [set | clear] READONLY stores the attribute in the Windows registry, not on the physical disk. This means it is only valid for the currently running Windows installation and it won't be carried, set and enforced on other OSes.

Attributes VOLUME [set | clear] READONLY stores the attribute on the physical disk. This means it WILL be carried, set and enforced also onto other OSes, including Linux (I had to manually remount the disk in rw mode, plus it didn't touch the stored attribute, so I had to manually remove it in Windows).

BE CAREFUL with administrative access, though:
while the DISK attribute prevents ALL writes on the entire disk (i.e. both the volume(s) filesystem and the partition table), the VOLUME attribute prevents writing ONLY to the volume(s) filesystem, leaving the partition table STILL writable (i.e. you can still delete a read-only volume).


Long answer:

Attributes DISK [set | clear] READONLY

The attribute is stored in the value named "Attribute", located at the registry subkey HKLM\SYSTEM\CurrentControlSet\Enum\*\Disk*\Device Parameters\Partmgr, where * is the disk's enumerated and installed device node (look in Device Properties in Disk Management).

It's a bitmask value, and the readonly attribute is Bit #1 (Bit #0 is for online/offline disk status), so setting readonly on an online disk will change the value from 0 to 2, but setting it on an offline disk will change the value from 1 to 3.

Advantages:
The disk is entirely read-only: all write attempts are guaranteed to FAIL, including its partition table (e.g. deleting/creating volumes, changing the Unique Disk Signature/ID and so on), plus the status will be clearly visible in Disk Management.

Disadvantages:
It is valid only for the currently running Windows installation, as long as its enumeration device node stays the same (no guarantee for removable drives). The disk will be in read-write mode again if it is connected to another computer or its device node changes for any reason, e.g. it is connected to another bus, port or hub (especially USB) or it is uninstalled and reinstalled in Device Manager.

Attributes VOLUME [set | clear] READONLY

The attribute is physically stored on disk, depending on its partition style (MBR or GPT).

On GPT disks:
The attribute is stored in the Attributes field of the volume's partition table entry, and it is valid ONLY for that volume (as declared in the diskpart help description).

On MBR disks:
The attribute is stored at offset 0x400h (or sector #2 on a 512-byte logically formatted disk) as a "short version" of a GPT entry where only the Type GUID and Attributes field are used for a total of 0x18h bytes, and it is valid FOR ALL VOLUMES (as declared in the diskpart help description).

Below is a sample hexadecimal output and its structure:

   Hex Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
   0000000400   A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
   0000000410   00 00 00 00 00 00 00 10
  • 0x400: 128-bit GUID Type GUID, with value EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (i.e. the Microsoft Basic Data Partition Type GUID);

  • 0x410: 64-bit integer Attributes, with value 0x1000000000000000 (i.e. bit #60 set).

In the same way, it is also possible to set the SHADOWCOPY, HIDDEN and NODEFAULTDRIVELETTER attributes (bits #61, #62 and #63, respectively).

Advantages:
The attribute is preserved when the disk is connected to other systems, e.g. Linux, which preserves it even if the volume is (re)mounted in rw mode.

Disadvantages:
The attribute is not visible in Disk Management but only within diskpart, plus:

On GPT disks:

  • the attribute applies ONLY to the selected volume (but this is expected behavior);
  • it does not prevent the read-only volume from being deleted (but if it is deleted, the attribute is automatically cleared, because its associated GPT entry is entirely zeroed out).

On MBR disks:

  • the attribute applies to ALL volumes on the disk, due to no other way to set attributes on MBR (and the consequent on-disk attribute structure);

  • volumes can still be deleted (for unknown reason, AFAIK);

  • the attribute is NOT cleared if one or more or all volumes are deleted (the only way to safely clear it is by executing attributes VOLUME CLEAR readonly at the diskpart prompt);

  • new volumes can still be created, but cannot be formatted (because it is a write operation).


This is my simple point of view, but the reason why the volume attributes are applied to ALL VOLUMES on MBR disks can be:

  1. No more available places in the MBR sector, 'cause the "Boot Indicator" flag refuses any value other than 0x80 or 0x00 (or the boot sequence will go crazy) and the "Optional" bytes located at offset 0x1BC (444) are declared as "reserved" (although some bits of that 16-bit field could be used);

  2. Windows shares the same Type GUID for all filesystems in a partition, so setting that Type GUID means "for all data volumes" (other Type GUIDs like the Recovery partition will not receive a Diskpart "volume" entry, only a "partition" one).

ST83
  • 131
  • 8
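The two encodings described in the answer above (the 0x18-byte record at offset 0x400 on MBR disks and the Partmgr registry bitmask) can be decoded as follows. This is an added example, not code from the answer; the function and constant names are hypothetical, and the sample image is constructed from the hex dump shown in the answer.

```python
import struct
import uuid

# Bit positions as given in the answer above; names here are illustrative.
VOLUME_BITS = {60: "READONLY", 61: "SHADOWCOPY", 62: "HIDDEN",
               63: "NODEFAULTDRIVELETTER"}
DISK_BITS = {0: "OFFLINE", 1: "READONLY"}  # Partmgr "Attribute" registry value

BASIC_DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")
RECORD_OFFSET = 0x400  # where the answer locates the record on MBR disks
RECORD_SIZE = 0x18     # 16-byte Type GUID + 8-byte Attributes


def decode_bits(value, names):
    """Return the names of the bits set in value, lowest bit first."""
    return [name for bit, name in sorted(names.items()) if (value >> bit) & 1]


def parse_mbr_volume_attributes(image):
    """Decode the volume-attribute record from the start of a raw MBR image."""
    record = image[RECORD_OFFSET:RECORD_OFFSET + RECORD_SIZE]
    if len(record) < RECORD_SIZE:
        raise ValueError("image ends before offset 0x418")
    # GPT-style GUIDs store their first three fields little-endian.
    type_guid = uuid.UUID(bytes_le=record[:16])
    (attributes,) = struct.unpack_from("<Q", record, 16)
    return {
        "type_guid": type_guid,
        "is_basic_data": type_guid == BASIC_DATA,
        "raw": attributes,
        "flags": decode_bits(attributes, VOLUME_BITS),
    }


# Constructed sample: zero padding up to 0x400, then the bytes from the dump.
SAMPLE_IMAGE = bytes(RECORD_OFFSET) + bytes.fromhex(
    "A2A0D0EBE5B9334487C068B6B72699C7" "0000000000000010")

if __name__ == "__main__":
    info = parse_mbr_volume_attributes(SAMPLE_IMAGE)
    print(info["type_guid"], hex(info["raw"]), info["flags"])
    for value in (0, 1, 2, 3):  # registry values walked through in the answer
        print(value, decode_bits(value, DISK_BITS))
```

An all-zero record decodes to an empty flag list, which is how an MBR image with no volume attribute set would appear under the layout the answer describes.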
2

Going by the definition of disk, volume, and partition in diskpart, I assumed the following:

attributes disk set ...: Disk attributes are stored in the operating system (reg).

gpt attributes=0x...: Partition attributes are stored in the partition table (exist only in gpt).
This is described by @ST83 when talking about "type guid" and attributes as hex values.

attributes volume set ...: volume attributes are stored in the file system within the partition.
But in MBR the operating system didn't use these attributes to handle volumes, but was rather using some workaround.
As explained by @ST83, an attribute is stored at offset 0x400h for the whole disk.


I feel like I am a little late to the party. But just the fact that there are 3 different commands in diskpart that were somehow fused into 2 by @ST83 doesn't make much sense to me.
Anyways, I would much appreciate it, if one of you took the time to clarify any mistakes I made. Or, should I be right, clarify why volume attributes were not used even though being there.

0

This information can't be stored on the partition - it is probably an attribute associated with the filesystem - it's not uncommon for filesystems to have such an attribute to force a diskcheck before allowing further changes to be made to the disk if the filesystem is not in a consistent state at shutdown.

davidgo
  • 73,366
0

The Read-Only flag cannot be stored on disk itself. To get the disk read-only status, you may use the PowerShell command Get-Disk. For instance: (Get-Disk -Number 2).IsReadOnly

Sly Mat
  • 572