Hi all,
I was just wondering if anyone knows a way to prevent users from removing a attached VHD from "Safely remove hardware and eject media", We have had multiple users eject the VHD when they are going to unplug their USB and they are ejecting the attached VHD insted.
Any help would be much appreciated.
(Apologies if this is in the wrong section)
Still cant find a solution to this,
I have found the DeviceOverRides in registry "HKLM\SYSTEM\CurrentControlSet\Control\DeviceOverrides"
I added the following keys for each of the Hardware ID's and Compatible ID's of the VHD listed below.
SCSI\DiskMsft____Virtual_Disk____1.0_
SCSI\DiskMsft____Virtual_Disk____
SCSI\DiskMsft____
SCSI\Msft____Virtual_Disk____1
Msft____Virtual_Disk____1
GenDisk
Replaced the "\" with "#". So for example I made the following keys,
Below is the following keys I entered:
I did the above for each single "Hardware Ids" for the VHD.Code:HKLM\SYSTEM\CurrentControlSet\Control\DeviceOverrides HKLM\SYSTEM\CurrentControlSet\Control\DeviceOverrides\SCSI#DiskMsft____Virtual_Disk____1.0_ HKLM\SYSTEM\CurrentControlSet\Control\DeviceOverrides\SCSI#DiskMsft____Virtual_Disk____1.0_\LocationPaths\ HKLM\SYSTEM\CurrentControlSet\Control\DeviceOverrides\SCSI#DiskMsft____Virtual_Disk____1.0_\LocationPaths\*\ Then created the dword "removable" with value "0" inside the "*" key
After doing this, It removed the individual entries for each VHD for example both VHD had their own category in Safely Remove Hardware listed below:
After adding the DeviceOverride keys for the hardware Ids of the VHD, It has only recategorized the VHD and it is still removeable,Code:Eject Msft Virtual Disk SCSI Disk Device - EXAMPLE (D:) Eject Msft Virtual Disk SCSI Disk Device - EXAMPLE (E:) Eject Msft Virtual Disk SCSI Disk Device - EXAMPLE (F:)
Under Safely Remove hardware it displays the following:
Does Anyone else know a way to prevent a VHD from being removed/disconnected.Code:computername123 -Eject Msft Virtual Disk SCSI Disk Device -Eject Msft Virtual Disk SCSI Disk Device -Eject Msft Virtual Disk SCSI Disk Device
Can't remove/hide "Safely remove hardware" because people frequently bring their own personal USB devices.
Any help would be much appreciated.
Thanks,
One thing I've just noticed, not a fix but a workaround.
Currently, even if I safely remove a mounted VHD (which normally would result in a virtual disk drive exception, exclaimed in devmgmt.msc, and the volume would be unmountable until full restart is completed).
If I use VHD Attach's Detach... (ie open the vhd file that's just been removed, then hit Detach) the volume can be remounted again, safely ejected (and detached), remounted....
I was asked to stick my nose in here. I don't know if this will help or not...
Is it possible to mount the vhd file as read only when it is being used by a virtual machine?
No, that's re VMware / Virtually hosted volumes using a host like virtualbox or hyper-pc I think.
In this thread I'm talking about native virtual hard drives, new windows 7 feature, and shared virtual volumes.
Differencing disks impose massively restrictive and convoluted pre-requisites, imho. you can't have a volume as a single file, so you can't easily copy it, the parent needs to be read-only, and (here's the deal-breaker) the updates need to be deployed on all the children. Smells like virtual obese teen spirit.
the specific issue in this thread is how attached volumes behave with windows 7. These are not read-only volumes, and they cannot be safely removed... well, they can, but you'll get an exclamation re the drive in device manager, and you won't be able to re-attach the volume... unless you detach it using VHD Attach, for example. Think that's a workaround I mentioned here earlier, if not.. now you know (hopefully).
Thanks for the interest though
Good news I think. I parked this issue a while back but stumbled on a successful search result whilst investigating removing the removable bit from volumes... all credit goes to Helge Klein
The enumerated data is recreated on reboot, so a script (batch) is needed to write the registry entry.
I just tested by:
using regedit to navigate to the (virtual) volume's Key (use devmgmt.msc and properties on the device, populate the volume to identify and capacity and confirm you have the right volume if you have several... Think I'll modify the "friendly name" too...) captured from the device instance path, ie
identify volume
get dev.ID
Find in reg, ie
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\2&1f4adffe&0&0 00002
Get permission! (Tip: NirSoft RegOwnership)
Change Capabilities to 2 (decimal)
NB if you get a permission error navigate away from and back to the key, to refresh.
//from inc/api/cfgmgr32.h (WINDDK)
#define CM_DEVCAP_LOCKSUPPORTED (0x00000001)
#define CM_DEVCAP_EJECTSUPPORTED (0x00000002)
#define CM_DEVCAP_REMOVABLE (0x00000004)
#define CM_DEVCAP_DOCKDEVICE (0x00000008)
#define CM_DEVCAP_UNIQUEID (0x00000010)
#define CM_DEVCAP_SILENTINSTALL (0x00000020)
#define CM_DEVCAP_RAWDEVICEOK (0x00000040)
#define CM_DEVCAP_SURPRISEREMOVALOK (0x00000080)
#define CM_DEVCAP_HARDWAREDISABLED (0x00000100) (default)
#define CM_DEVCAP_NONDYNAMIC (0x00000200)
The change is noticeable straight away..
I'm gonna do some more testing with a dummy volume, to ensure normal detach (using diskmgmt, for example) is not hindered....
Interestingly, on reboot, I'm getting the "drive in use" less-than-helpful message when trying to 'safely remove' the drive (after reboot, change not yet persistent, still testing)...
unmount worked, re-rebooting, to see what the crack is... video illustration and script particulars coming soon
windows search indexer stops the volume being safely removed... prohibiting volume from being indexed, and modifying and disabling winblows search indexer (one word: everything)
rewriting permissions on 200g data
Make drive unremovable : demo
The batch in it's entirety is detailed below, including a new friendly name to help identify the volume in devmgmt etc
:: 1! subinacl /subkeyreg "DEV INSTANCE IN HKEY" /setowner=user
:: 2! subinacl /subkeyreg "DEV INSTANCE IN HKEY" /grant=user
:: 3! reg add "HKEY DEV" /v Capabilities /t REG_DWORD /d 2 /f
subinacl /subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0& 000002" /setowner=jonny
subinacl /subkeyreg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0& 000002" /grant=jonny
:: Disable eject hard disk
:: Original value: 100
reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0& 000002" /v Capabilities /t REG_DWORD /d 2 /f
reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\2&1F4ADFFE&0& 000002" /v FriendlyName /t REG_SZ /d LBS.VHD /f
Quote
