question about map --read-only



#1 Damnation

Damnation

    Member

  • Members
  • 78 posts
  •  
    Australia

Posted 13 October 2012 - 04:09 PM

I use these commands to boot windows installation ISOs




title Windows 7 x64 ISO with USB3
map --mem (md)0x800+4 (99)
map /multiboot/ISOs/win7.x64.mysetup.USB3.ISO (0xff)
map (hd0) (hd1)
map (hd1) (hd0)
map --hook
write (99) [FiraDisk]\nStartOptions=cdrom,vmem=find:/multiboot/ISOs/win7.x64.mysetup.USB3.ISO;\n\0
chainloader (0xff)/BOOTMGR || chainloader (0xff)


I would like to make it so that the USB-attached SSD that contains the ISO that grub4dos is booting from would only allow read-only access to the SSD.

This is so that it would be impossible to inadvertently format the SSD whilst booted from the ISO, so as to avoid destroying the multiboot configuration.

So would this work:




title Windows 7 x64 ISO with USB3
map --mem (md)0x800+4 (99)
map /multiboot/ISOs/win7.x64.mysetup.USB3.ISO (0xff)
map --read-only (hd0) (hd1)
map (hd1) (hd0)
map --hook
write (99) [FiraDisk]\nStartOptions=cdrom,vmem=find:/multiboot/ISOs/win7.x64.mysetup.USB3.ISO;\n\0
chainloader (0xff)/BOOTMGR || chainloader (0xff)


or would more be required to achieve this?

#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,125 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 13 October 2012 - 05:21 PM

The --read-only is only relative to the access you want to give to grub4dos; as soon as the .iso is loaded (since it is an NT-based system and uses its own drivers/settings) this setting means "nothing". You will need to use something like the FBWF or EWF filter drivers (cannot say what/which actual filter may work on 7) or *any* other method within the Windows 7 .iso/OS.
The --read-only will extend to the real-mode part of the BOOTMGR, then, as soon as it switches to protected mode, that setting goes "poof" ....

Not entirely unlike Keyser Soze (or the Devil) :ph34r::
http://www.imdb.com/...es?qt=qt0480665


:cheers:
Wonko

#3 Damnation


Posted 13 October 2012 - 05:38 PM

Do you think I could do it through running a script to

create a temporary user account in the installer

set permissions for that user to read-only for the USB SSD, full access to other drives

logon as the temp user

or is it not possible to create users in the PE environment?

#4 steve6375

steve6375

    Platinum Member

  • Developer
  • 4,995 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 13 October 2012 - 06:17 PM

You could run diskpart in a PE script and set the attribute of the disk to read-only.
You can test this by using SHIFT+F10 to get a cmd prompt (once booted from the ISO) and then run diskpart and type (where x is the number of the SSD)
LIST DISK
SEL DISK x
DETAIL DISK
ATT DIS SET READONLY
DETAIL DISK
EXIT

then exit from the cmd shell and see if you can then format/partition/wipe the disk.
If it works, you will have to work out a way of identifying the SSD disk number so you can script it..

Presumably you have already integrated Firadisk drivers into the ISO??

#5 Damnation


Posted 13 October 2012 - 06:23 PM

OK, I'll try that

Yes I've added firadisk to the ISO

#6 Damnation


Posted 13 October 2012 - 06:42 PM

regarding the disk numbers, wouldn't the grub4dos map commands help make it so a drive always has a certain disk number?

#7 steve6375


Posted 13 October 2012 - 06:46 PM

No, once booted to PE, the disk number could be anything. I have seen PE boot from USB on a system that has two identical blank HDDs. It is pot luck which of the two SATA HDDs is assigned by PE as disk 0.

One way to script it would be to look for a tag file on the SSD and from this get the volume letter, then use SEL VOL X: instead of SEL DISK X.

P.S. If PE 3.1 you could try SEL DISK SYSTEM and see if that selects boot disk every time (even if there is Windows installed on the internal HDD)?? see http://technet.micro...0(v=ws.10).aspx

#8 Damnation


Posted 14 October 2012 - 08:44 AM

Setting the Volume to read-only worked.

so now a way is needed to get the volume ID number from the drive letter or something so it can be scripted

#9 steve6375


Posted 14 October 2012 - 12:49 PM

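:: Place SSD.TAG file on the drive you want to protect
:: FOR variables are case-sensitive, so SET must use %%i, the same case as the loop variable
FOR %%i IN (C D E F G H I J K L N M O P Q R S T U V W X Y Z) DO IF EXIST %%i:SSD.TAG SET SSD=%%i:
:: Build the diskpart script: the first echo creates the file (>), the rest append (>>)
echo LIST DISK > PROT.SCR
echo SEL vol %SSD% >> PROT.SCR
echo DETAIL DISK >> PROT.SCR
echo ATT DIS SET READONLY >> PROT.SCR
echo DETAIL DISK >> PROT.SCR
echo EXIT >> PROT.SCR
:: Run the script and report the result from diskpart's exit code
diskpart /s PROT.SCR
if not errorlevel 1 echo DISK containing volume %SSD% is now Read-Only!
if errorlevel 1 echo Write-Protect on SSD Failed! & pause
del PROT.SCR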

#10 Wonko the Sane


Posted 14 October 2012 - 01:53 PM

Hey steve,
you're taking away a good half of the fun.... :w00t:
Just to keep things as together as possible:
http://www.msfn.org/...during-install/

:cheers:
Wonko

#11 Damnation


Posted 15 October 2012 - 09:10 AM

Thanks very much steve6375,

I modified them a little, but they work

usbro.cmd




@echo off
TITLE USBRO.CMD
SET SSD=
echo RUNNING USBRO.CMD...
PAUSE
:: Place SSD.TAG file on the drive you want to protect
FOR %%i IN (C D E F G H I J K L N M O P Q R S T U V W X Y Z) DO IF EXIST %%i:SSD.TAG SET SSD=%%i
echo found SSD.TAG
echo THE SSD IS %SSD% DRIVE!
echo LIST VOLUME >> PROT.SCR
echo SELECT VOLUME %SSD% >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo ATT VOL SET READONLY >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo EXIT >> PROT.SCR
diskpart /s PROT.SCR
if not errorlevel 1 echo DISK containing volume %SSD% is now Read-Only!
if errorlevel 1 echo Write-Protect on SSD Failed! & pause
del PROT.SCR




usbrw.cmd




@echo off
TITLE USBRW.CMD
SET SSD=
echo RUNNING USBRW.CMD...
PAUSE
:: Place SSD.TAG file on the drive you want to protect
FOR %%i IN (C D E F G H I J K L N M O P Q R S T U V W X Y Z) DO IF EXIST %%i:SSD.TAG SET SSD=%%i
echo found SSD.TAG
echo THE SSD IS %SSD% DRIVE!
echo LIST VOLUME >> PROT.SCR
echo SELECT VOLUME %SSD% >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo ATT VOL CLEAR READONLY >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo EXIT >> PROT.SCR
diskpart /s PROT.SCR
if not errorlevel 1 echo DISK containing volume %SSD% is now Writable!
if errorlevel 1 echo Write-Protect on SSD Failed! & pause
del PROT.SCR




Just wondering, this script should work in a Vista/7/8 PE, right?
But if I want to do this for XP, would I have to make an XP install.wim and a custom PE?

#12 steve6375


Posted 15 October 2012 - 09:30 AM

If you boot from an XP ISO then I don't think XP diskpart supports the ATT command. If you mean to boot to WinPE v2/3/4 and install XP via a wim then it should work.

P.S. ATT VOL will only protect the SSD boot volume and not any other partition on the SSD, whereas ATT DISK will protect the whole SSD disk - was there any reason you used ATT VOL???

P.P.S. The first line of the echo commands should use > and not >> (which means append) - otherwise PROT.SCR will just get bigger - e.g. if you run USBRO and then run USBRW it will not make the SSD RW again as the RO code will still be in the PROT.SCR file. If you are rebooting, then it won't matter though as the PROT.SCR file will be lost anyway.

#13 Damnation


Posted 15 October 2012 - 11:46 AM

so that would be




@echo off
TITLE USBRO.CMD
SET SSD=
echo RUNNING USBRO.CMD...
PAUSE
:: Place SSD.TAG file on the drive you want to protect
FOR %%i IN (C D E F G H I J K L N M O P Q R S T U V W X Y Z) DO IF EXIST %%i:SSD.TAG SET SSD=%%i
echo found SSD.TAG
echo THE SSD IS %SSD% DRIVE!
echo LIST VOLUME > PROT.SCR
echo SELECT VOLUME %SSD% >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo ATT DISK SET READONLY >> PROT.SCR
:: echo DETAIL DISK >> PROT.SCR
echo EXIT >> PROT.SCR
diskpart /s PROT.SCR
if not errorlevel 1 echo DISK containing volume %SSD% is now Read-Only!
if errorlevel 1 echo Write-Protect on SSD Failed! & pause
del PROT.SCR




right?
I've set it to that now,

and I'll be rebooting between usbro.cmd(pre-install) and usbrw.cmd(post-install)
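
The script above prints "found SSD.TAG" and runs diskpart even when no tag file exists, and it trusts the exit code alone. The variant below is an added example, not code from any poster in this thread: it stops when the tag is missing, truncates the diskpart script with > on the first line, and reads the attribute back. It assumes %TEMP% is defined and writable in the PE session and that ATTRIBUTES DISK prints a line of the form "Read-only  : Yes".

```bat
@echo off
:: Added example (not from the thread): USBRO.CMD with guards and a read-back check.
setlocal
set "SSD="
:: Assumption: %TEMP% is defined and writable in this PE session.
set "SCR=%TEMP%\PROT.SCR"
set "LOG=%TEMP%\PROT.LOG"

:: Find the volume holding the tag file; \SSD.TAG forces the root directory.
for %%i in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist "%%i:\SSD.TAG" set "SSD=%%i"

:: Stop before diskpart runs if no tag was found, so no disk is selected by accident.
if not defined SSD (
    echo SSD.TAG not found on any volume - nothing was write-protected.
    exit /b 2
)

:: First line uses ^> to truncate any stale script; the rest append.
> "%SCR%" echo SELECT VOLUME %SSD%
>>"%SCR%" echo ATTRIBUTES DISK SET READONLY
>>"%SCR%" echo ATTRIBUTES DISK

:: Run the script and keep diskpart's output so the result can be checked.
diskpart /s "%SCR%" > "%LOG%"
set "RC=%ERRORLEVEL%"
del "%SCR%"
if not "%RC%"=="0" (
    echo diskpart failed with exit code %RC% - see %LOG%
    exit /b 1
)

:: Assumption: ATTRIBUTES DISK reports the flag as "Read-only  : Yes".
findstr /r /i /c:"Read-only *: *Yes" "%LOG%" >nul
if errorlevel 1 (
    echo Disk attribute did not read back as read-only - see %LOG%
    exit /b 1
)
echo Disk containing volume %SSD%: is now read-only.
exit /b 0
```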

#14 steve6375


Posted 15 October 2012 - 01:34 PM

I don't think you need the RW script at all. AFAIK this just sets the registry in WinPE to WP the SSD - as soon as you boot to Windows from the internal HDD then the Windows registry is used and the SSD will not be WP even if you connected it? Even if you booted to WinPE again then it would not be WP.

#15 Damnation


Posted 15 October 2012 - 02:41 PM

Oh OK, that makes things a lot easier, I thought it was a hardware setting on the drive, not a registry entry.



