
Windows 10 + VHD + Bitlocker bug?


24 replies to this topic

#1 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 28 January 2016 - 11:37 PM

I'm not sure why this is occurring and I am hoping someone can help me find a way around it. I use a batch script to attach a BitLocker-encrypted VHD using diskpart. Whenever I attach the VHD, Windows 10 immediately tries to explore the new drive and pops up a blank Explorer window and an error "H:\ is not accessible.  Access is denied."

Then I get a notification from Windows that the drive is BitLocker encrypted. After I enter the password a new Explorer window opens with the VHD contents. Does anyone here have any suggestions on how to prevent the initial Explorer window from opening? The diskpart script I am using is as follows:

 

select vdisk file="C:\Users\USERNAME\Desktop\7900.vhd"
attach vdisk

 

and I call it via diskpart /s from an elevated batch file.

 

Thanks in advance,

 

Rocky Essing

 

 



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 January 2016 - 07:13 PM

I am not too sure whether this is a bug or if it happens "by design" instead.

What happens if you select the actual partition *like* :

https://isc.sans.edu...ntainers/20593/

 

:duff:

Wonko



#3 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 29 January 2016 - 10:43 PM

I'm not sure what you are suggesting.  Here is a process to replicate the issue:

1) Create VHD

   a)Create partition

   b)Format NTFS

2) Turn on bitlocker

3) detach or Eject VHD

4) attach via diskpart

 

Please note that this seems to affect Windows 10 only.  Every other version of windows I've tried simply pops up the bitlocker dialog.


Edited by Rocky Essing, 29 January 2016 - 10:44 PM.


#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 January 2016 - 09:34 AM

The given reference uses 3 (three) commands to attach the vdisk:



select vdisk file="c:\container.vhd"
select partition 1
attach vdisk

you reported using 2 (two) of them:



select vdisk file="C:\Users\USERNAME\Desktop\7900.vhd"
attach vdisk

I was asking if what you reported happens the same if you use the three commands, i.e. selecting the partition BEFORE issuing the attach command. :unsure:

The given reference also reports that in Windows 10 seemingly double clicking on the VHD file works fine to mount it without needing to use diskpart, possibly a shortcut to the .vhd will work as well. :dubbio:

 

:duff:

Wonko



#5 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 01 February 2016 - 06:19 AM

That doesn't actually work.  Since you haven't attached the disk yet, you get the following error:

 

There is no disk selected to set the partition.
Select a disk and try again.

 

Windows 10 does support mounting VHDs and ISOs by double clicking on them. This batch is for backwards compatibility with Windows 7, which does not. It would be nice to have a solution that worked for both.

 

I also tested double clicking on the VHD and it causes the same issue, so apparently diskpart is not to blame.  I'm pretty sure this is just a bug in Windows 10, but I appreciate you taking the time to try to help me.


Edited by Rocky Essing, 01 February 2016 - 06:28 AM.


#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 01 February 2016 - 11:32 AM

So basically the given reference is inaccurate :( but I am more perplexed by the commenter's report about the right click feature working on Windows 10.

Is it false? :w00t: :ph34r:

Maybe the issue is due to some service/component (or third party tool, let's say a real-time anti-virus for the sake of the reasoning) attempting to access the volume before it is actually mounted.  :unsure:

(this would explain the report of success and your different outcome, due to a different configuration on your system)

 

:duff:

Wonko



#7 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 01 February 2016 - 12:49 PM

It's possible that Windows 10 considers the VHD to be a removable device, and automatically assigns it a drive letter. I'm not sure how to disable this (maybe in Autoplay settings?). Of course, the VHD isn't accessible at that point because you haven't yet entered the password, hence the error.



#8 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 03 February 2016 - 01:12 AM

In Windows 10 you can right-click and choose mount for a VHD. It will very nicely mount it and open an Explorer window to show you the contents (double-clicking also works). It appears, however, that Microsoft did not foresee the possibility of people applying BitLocker to VHDs. At least, not in Windows 10.


Edited by Rocky Essing, 03 February 2016 - 01:15 AM.


#9 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 03 February 2016 - 05:25 AM

Idea: set attribute nodefaultdriveletter.
https://technet.micr...y/gg252643.aspx

Which results do you get now?
Do you get a bitlocker encrypted message at all?

Or remove the drive letter at a detach script.

#10 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 04 February 2016 - 10:15 PM

cdob : Good Idea, but that attribute doesn't seem to "stick" on VHDs.  I tried mounting the VHD, setting that attribute, ejecting the VHD and mounting it again.  I got the same error as before.



#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 February 2016 - 08:13 AM

In Windows 10 you can right-click and choose mount for a VHD.  It will very nicely mount it and open an explorer window to show you the contents(Double-clicking also works).  It appears, however, that Microsoft did not foresee the possibility of people applying Bitlocker to VHDs.  At least, not in windows 10.

Well, then the report on the given reference specifically about bitlockered VHD's mounting on Windows 10 with right click is also false. :frusty:

 

Maybe playing with the sanpolicy and/or noautomount? :unsure:

 

Some reference:

http://reboot.pro/to...t-combinations/

 

:duff:

Wonko



#12 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 05 February 2016 - 10:59 PM

I really don't want to mess with something that low-level. This script is for a VHD which resides on a flash drive and is used on multiple computers. Unless I can figure out a way to fix this from the command line, I will need to wait and hope that Microsoft patches this issue.



#13 garuda24

garuda24
  • Members
  • 1 posts
  •  
    Abu Dhabi

Posted 14 February 2017 - 04:13 PM

Created a new account just to say... this is still an issue in 2017.

 

At least I know it's not just me, thanks for posting!



#14 Gunnar Haslinger

Gunnar Haslinger
  • Members
  • 2 posts
  •  
    Austria

Posted 23 February 2018 - 04:37 PM

The issue can be solved by creating the partition with ID 27 = Recovery Partition first, and after formatting the partition, changing it to a regular data-partition ID. Recovery partitions are not auto-mounted.

 

See my Script here - this works:

https://github.com/g...X-Container.bat



#15 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 23 February 2018 - 08:40 PM

Good :) ,

just for the record "Normal" EXFAT is Partition ID 07, not partition ID 06 (which is a primary DOS volume FAT 16 up to 32 mb).

 

In case of need, it is possible to send DISKPART commands without needing a temporary script file, and in case you want to have it, there is no need to delete it before, you can use a single redirection character in the first command to overwrite it.

 

:duff:

Wonko



#16 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 24 February 2018 - 10:36 PM

Cool. I will have to try this. I will report back later with my findings. Thanks for the tip. One question... since you are changing the partition ID, it's no longer a recovery partition, so why doesn't Windows try to automount it?



#17 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 25 February 2018 - 07:31 AM

Unfortunately, this did not work.  I used your script to create a new container and then mounted it with diskpart.  Windows immediately complained that V: is not accessible.  https://www.dropbox....apture.PNG?dl=0



#18 Gunnar Haslinger

Gunnar Haslinger
  • Members
  • 2 posts
  •  
    Austria

Posted 09 March 2018 - 09:19 AM

Partitions with ID 06 (FAT) or 07 (EXFAT) are automounted.

Partitions with ID 27 (Recovery Partition) are not automounted.

 

Your screenshot does not show my script. You are obviously attaching an already existing (and probably not partitioned with ID 27) vhdx.

My script creates a new vhdx, creates a partition with id=27 and attaches it. This doesn't trigger automount.



#19 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 09 March 2018 - 12:37 PM

... (and probably not partitioned with ID 27) vhdx....

 

That would be consistent with the difference in commands highlighted in post #4.

Maybe it is a non-partitioned .vhdx (aka a superfloppy)? :unsure:

 

:duff:

Wonko



#20 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 11 March 2018 - 11:43 PM

Yes, that was your script. Try this: Run your script and then eject the drive. The next time you attach it, the error will appear. I suspect that your script only works because you are assigning the drive letter and then running BitLocker. Since the drive letter is already assigned, Windows doesn't see it as a new disk and doesn't try to mount it. Attaching the VHD afterward, without a drive letter assigned, triggers Windows to auto mount it.

 

Also, your script sets the ID back to 07.


Edited by Rocky Essing, 11 March 2018 - 11:44 PM.


#21 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 March 2018 - 11:31 AM

Yes, that was your script.  Try this:  Run your script and then eject the drive.  the next time you attach it, the error will appear.  I suspect that your script only works because you are assigning the drive letter and then running bitlocker.  Since the drive letter is already assigned, windows doesn't see it as a new disk and doesn't try to mount it.  Attaching the VHD afterward, without a drive letter assigned, triggers windows to auto mount it.

 

Also, your script sets the ID back to 07.

And what happens if - before detaching the VHD - you set the partition ID back to 27?

Or to 17 that means "hidden" partition of type 07.

 

:duff:

Wonko



#22 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 16 posts
  •  
    United States

Posted 12 March 2018 - 11:48 AM

If I comment out the line that sets the ID back to 07, the behavior is the same. If I set it to 17, then the script gets an error when it attempts to assign a drive letter. It says, "There is no volume specified." It looks like I could avoid the "access is denied" error if I could preassign a drive letter in diskpart before attaching the VHD.


Edited by Rocky Essing, 12 March 2018 - 11:50 AM.


#23 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 March 2018 - 12:33 PM

If I comment out then line that sets the id back to 07 , the behavior is the same.  If I set it to 17, then the script gets an error when it attempts to assign a drive letter.  It says, "There is no volume specified."  It looks like I could avoid the "access is denied" error if I could preassign a drive letter in diskpart before attaching the VHD. 

I was trying to say something different.

 

The experiment to try is IMHO:

1) run the batch or however have a non-mounted, non-attached VHD with a bitlockered partition in it marked (in the partition table of the VHD file) normally as 0x07

2) hex edit the partition ID on file (that will be offset 450) to either 17 or 27

3) attempt to attach the VHD via diskpart

 

There should be no attempt to assign a drive letter to the "Hidden" or "Reserved" partition.

 

Then try using Mountvol to assign a drive letter to it.

 

Or - alternatively - try mountstorPE or showdrive:

 

http://reboot.pro/to...-line-possible/

 

:duff:

Wonko
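The type-ID edit proposed in post #23, as an added example that is not part of the original thread: a Python sketch that reads and rewrites the MBR partition type byte (446 + 4 = offset 450 for the first entry). It assumes a fixed-size .vhd, where disk data starts at file offset 0; dynamic .vhd and .vhdx files begin with container metadata, so the script refuses them. Function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446   # 0x1BE: first MBR partition entry
ENTRY_SIZE = 16
TYPE_BYTE = 4        # type ID is byte 4 of an entry: 446 + 4 = 450 for entry 1

def _check_raw_mbr(sector0):
    """Reject images whose first sector is not a plain MBR."""
    if sector0[:8] == b"conectix":
        raise ValueError("dynamic/differencing VHD: file offset 450 is not the MBR")
    if sector0[:8] == b"vhdxfile":
        raise ValueError("VHDX container: file offset 450 is not the MBR")
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")

def list_partitions(path):
    """Return [(slot, type_id, start_lba, sector_count)] for non-empty entries."""
    with open(path, "rb") as f:
        sector0 = f.read(SECTOR)
    _check_raw_mbr(sector0)
    found = []
    for slot in range(4):
        entry = sector0[TABLE_OFFSET + slot * ENTRY_SIZE:][:ENTRY_SIZE]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[TYPE_BYTE]:
            found.append((slot + 1, entry[TYPE_BYTE], start, count))
    return found

def set_partition_type(path, slot, new_type):
    """Overwrite the type ID of partition `slot` (1-4); return the old value."""
    if slot not in (1, 2, 3, 4) or not 0 < new_type <= 0xFF:
        raise ValueError("slot must be 1-4 and type 0x01-0xFF")
    with open(path, "r+b") as f:
        _check_raw_mbr(f.read(SECTOR))
        pos = TABLE_OFFSET + (slot - 1) * ENTRY_SIZE + TYPE_BYTE
        f.seek(pos)
        old = f.read(1)[0]
        if old == 0:
            raise ValueError("partition slot is empty")
        f.seek(pos)
        f.write(bytes([new_type]))
    return old

def make_sample_image(path):
    """Constructed sample: MBR with one type-0x07 partition plus a fixed-VHD-style footer."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<B3sB3sII", mbr, TABLE_OFFSET, 0, b"\0\0\0", 0x07, b"\0\0\0", 128, 2048)
    mbr[510:512] = b"\x55\xaa"
    with open(path, "wb") as f:
        f.write(bytes(mbr) + bytes(SECTOR) + b"conectix".ljust(SECTOR, b"\0"))
```

Run it only against a detached image, and keep the returned old value so the type ID can be restored.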



#24 WebSmith

WebSmith
  • Members
  • 1 posts
  •  
    United Kingdom

Posted 13 March 2018 - 07:32 PM

I had the same issue and found that it was just Autoplay trying to open the drive/folder.

 

To get around the issue I just right clicked on the mounted drive in My Computer then "Open Autoplay..." and selected "Take no action".

 

This means it's not then trying to take any action automatically before you unlock the drive.

 

Hope this helps.



#25 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 March 2018 - 12:15 PM

I had the same issue and found that it was just Autoplay trying to open the drive/folder.

 

To get around the issue I just right clicked on the mounted drive in My Computer then "Open Autoplay..." and selected "Take no action".

 

This means it's not then trying to take any action automatically before you unlock the drive.

 

Hope this helps.

Interesting. :)

I would have never thought about that, I always disable autorun on all media/devices.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoDriveTypeAutoRun 0xFF

 

Maybe there is a setting to exclude attached VHD's if the above is "too wide", cannot say how an attached VHD is "classified" :unsure:

http://www.samlogic....typeautorun.htm

https://support.micr...lity-in-windows

 

:duff:

Wonko



