Jump to content











Photo
- - - - -

Windows 10 + VHD + Bitlocker bug?


  • Please log in to reply
24 replies to this topic

#1 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 28 January 2016 - 11:37 PM

I'm not sure why this is occuring and I am hoping someone can help me find a way around it.  I use a batch script to attach a bitlocker-encrypted VHD using diskpart.  Whenever I attach the VHD, windows 10 immediately tries to explore the new drive and pops up a blank  explorer window and an error "H:\ is not accessible.  Access is denied."

Then I get a notification from Windows that the drive is bitlocker encrypted. After I enter the password a new explorer window opens with the VHD contents.  Does anyone here have any suggestions on how to prevent the initial explorer window from opening.  The diskpart script I am using is a follows:

 

select vdisk file="C:\Users\USERNAME\Desktop\7900.vhd"
attach vdisk

 

and I call it via diskpart /s from an elevated batch file.

 

Thanks in advance,

 

Rocky Essing

 

 



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 January 2016 - 07:13 PM

I am not too sure whether this is a bug or if it happens "by design" instead.

What happens if you select the actual partition *like* :

https://isc.sans.edu...ntainers/20593/

 

:duff:

Wonko



#3 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 29 January 2016 - 10:43 PM

I'm not sure what you are suggesting.  Here is a process to replicate the issue:

1) Create VHD

   a)Create partition

   b)Format NTFS

2) Turn on bitlocker

3) detach or Eject VHD

3) attach via diskpart

 

Please note that this seems to affect Windows 10 only.  Every other version of windows I've tried simply pops up the bitlocker dialog.


Edited by Rocky Essing, 29 January 2016 - 10:44 PM.


#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 January 2016 - 09:34 AM

The given reference uses 3 (three) commands to attach the vdisk:



select vdisk file="c:\container.vhd"
select partition 1
attach vdisk

you reported using 2 (two) of them:



select vdisk file="C:\Users\USERNAME\Desktop\7900.vhd"
attach vdisk

I was asking if what you reported happens the same if you use the three commands, i.e. selecting the partition BEFORE issuing the attach command. :unsure:

The given reference also reports that in Windows 10 seemingly double clickiing on the VHD file works fine to mount it without needing to use diskpart, possibly a shortcut to the .vhd will work as well. :dubbio: 

 

:duff:

Wonko



#5 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 01 February 2016 - 06:19 AM

That doesn't actually work.  Since you haven't attached the disk yet, you get the following error:

 

There is no disk selected to set the partition.
Select a disk and try again.

 

Windows 10 does support  mounting VHDs and ISOs by double clicking on them.  This batch is for backwards compatibility with windows 7, which does not.  It would be nice to have a solution that worked for both.

 

I also tested double clicking on the VHD and it causes the same issue, so apparently diskpart is not to blame.  I'm pretty sure this is just a bug in Windows 10, but I appreciate you taking the time to try to help me.


Edited by Rocky Essing, 01 February 2016 - 06:28 AM.


#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 01 February 2016 - 11:32 AM

So basically the given reference is inaccurate :( but I am more perplexed by the commenter's report abut the right click feature working on Windows 10.

Is it false? :w00t: :ph34r:

Maybe the issue is due to some service/component (or third party tool, let's say a real-time anti-virus for the sake of the reasoning) attempting to access the volume before it is actually mounted.  :unsure:

(this would explain the report of success and your different outcome, due to a diofferent configuration on your system)

 

:duff:

Wonko



#7 AnonVendetta

AnonVendetta

    Silver Member

  • Advanced user
  • 648 posts
  • Location:A new beginning.....
  • Interests:Self-development, computing

Posted 01 February 2016 - 12:49 PM

It's possible that Windows 10 considers the VHD to be a removable device, and automatically assigns it a drive letter. I'm not sure how to disable this (maybe in Autoplay settings?). Of course, the VHD isn't accessible at that point because you haven't yet entered the password, hence the error.



#8 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 03 February 2016 - 01:12 AM

In Windows 10 you can right-click and choose mount for a VHD.  It will very nicely mount it and open an explorer window to show you the contents(Double-clicking also works).  It appears, however, that Microsoft did not foresee the possibility of people applying Bitlocker to VHDs.  At least, not in windows 10.


Edited by Rocky Essing, 03 February 2016 - 01:15 AM.


#9 cdob

cdob

    Gold Member

  • Expert
  • 1392 posts

Posted 03 February 2016 - 05:25 AM

Idea: set attribute nodefaultdriveletter.
https://technet.micr...y/gg252643.aspx

Which results do you get now?
Do you get a bitlocker encrypted message at all?

Or remove the drive letter at a detach script.

#10 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 04 February 2016 - 10:15 PM

cdob : Good Idea, but that attribute doesn't seem to "stick" on VHDs.  I tried mounting the VHD, setting that attribute, ejecting the VHD and mounting it again.  I got the same error as before.



#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 February 2016 - 08:13 AM

In Windows 10 you can right-click and choose mount for a VHD.  It will very nicely mount it and open an explorer window to show you the contents(Double-clicking also works).  It appears, however, that Microsoft did not foresee the possibility of people applying Bitlocker to VHDs.  At least, not in windows 10.

Well, then the report on the given reference specifically about bitlockered VHD's mounting on Windows 10 with right click is also false. :frusty:

 

Maybe playing with the sanpolicy and/or noautomount? :unsure:

 

Some reference:

http://reboot.pro/to...t-combinations/

 

:duff:

Wonko



#12 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 05 February 2016 - 10:59 PM

I really don't want to mess with something that low-level.  This script is for a VHD which resides on a Flash Drive and is used on multiple computers.  Unless I can figure out a way to fix this from the command line, I will need to wait and hope that microsoft patches this issue.



#13 garuda24

garuda24
  • Members
  • 1 posts
  •  
    Abu Dhabi

Posted 14 February 2017 - 04:13 PM

Created a new account just to say... this is still an issue in 2017.

 

At least I know it's not just me, thanks for posting!



#14 Gunnar Haslinger

Gunnar Haslinger
  • Members
  • 2 posts
  •  
    Austria

Posted 23 February 2018 - 04:37 PM

Issue can be solved by creating the Partition with ID 27 = Recovery Partition first, and after formating the Partition change to regular data-Partition ID. Recovery-Partitions are not Auto-mounted.

 

See my Script here - this works:

https://github.com/g...X-Container.bat



#15 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 23 February 2018 - 08:40 PM

Good :) ,

just for the record "Normal" EXFAT is Partition ID 07, not partiton ID 06 (which is a primary DOS volume FAT 16 up to 32 mb).

 

In case of need, it is possible to send DISKPART commands without needing a temporary script file, and in case you want to have it, there is no need to delete it before, you can use a single redirection character in first command to overwrite it .

 

:duff:

Wonko



#16 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 24 February 2018 - 10:36 PM

Cool.  I will have to try this.  I will report back later with my findings.  Thanks for the tip.  One question...since you are changing the partition ID, It's no longer a recovery partition, so why doesn't Windows try to automount it?



#17 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 25 February 2018 - 07:31 AM

Unfortunately, this did not work.  I used your script to create a new container and then mounted it with diskpart.  Windows immediately complained that V: is not accessible.  https://www.dropbox....apture.PNG?dl=0



#18 Gunnar Haslinger

Gunnar Haslinger
  • Members
  • 2 posts
  •  
    Austria

Posted 09 March 2018 - 09:19 AM

Partitions with ID 06 (FAT) or 07 (EXFAT) are automounted.

Partitions with ID 27 (Recovery Partition) are not automounted.

 

Your Screenshot shows not my script. You obviously attach a already existing (and probably not paritioned with ID 27) vhdx.

My Script creates a new vhdx, creates a Partition with id=27 and attaches it. This doesn't trigger automount.



#19 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 09 March 2018 - 12:37 PM

... (and probably not paritioned with ID 27) vhdx....

 

That would be consistent with the difference in commands highlighted in post #4.

Maybe it is a non-partitioned .vhdx (aka a superfloppy)? :unsure:

 

:duff:

Wonko



#20 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 11 March 2018 - 11:43 PM

Yes, that was your script.  Try this:  Run your script and then eject the drive.  the next time you attach it, the error will appear.  I suspect that your script only works because you are assigning the drive letter and then running bitlocker.  Since the drive letter is already assigned, windows doesn't see it as a new disk and doesn't try to mount it.  Attaching the VHD afterward, without a drive letter assigned, triggers windows to auto mount it.

 

Also, your script sets the ID back to 07.


Edited by Rocky Essing, 11 March 2018 - 11:44 PM.


#21 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 March 2018 - 11:31 AM

Yes, that was your script.  Try this:  Run your script and then eject the drive.  the next time you attach it, the error will appear.  I suspect that your script only works because you are assigning the drive letter and then running bitlocker.  Since the drive letter is already assigned, windows doesn't see it as a new disk and doesn't try to mount it.  Attaching the VHD afterward, without a drive letter assigned, triggers windows to auto mount it.

 

Also, your script sets the ID back to 07.

And what happens if - before detaching the VHD - you set the partition ID back to 27?

Or to 17 that means "hidden" partition of type 07.

 

:duff:

Wonko



#22 Rocky Essing

Rocky Essing

    Newbie

  • Members
  • 15 posts
  •  
    United States

Posted 12 March 2018 - 11:48 AM

If I comment out then line that sets the id back to 07 , the behavior is the same.  If I set it to 17, then the script gets an error when it attempts to assign a drive letter.  It says, "There is no volume specified."  It looks like I could avoid the "access is denied" error if I could preassign a drive letter in diskpart before attaching the VHD. 


Edited by Rocky Essing, 12 March 2018 - 11:50 AM.


#23 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 March 2018 - 12:33 PM

If I comment out then line that sets the id back to 07 , the behavior is the same.  If I set it to 17, then the script gets an error when it attempts to assign a drive letter.  It says, "There is no volume specified."  It looks like I could avoid the "access is denied" error if I could preassign a drive letter in diskpart before attaching the VHD. 

I was trying to say something different.

 

The experiment to try is IMHO:

1) run the batch or however have a non-mounted, non-attached VHD with a bitlockered partition in it marked (in the partition table of the VHD file) normally as 0x07

2) hex edit the partition ID on file (that will be offset 450) to either 17 or 27

3) attempt to attach the VHD via diskpart

 

There should be no attempt to assign a drive letter to the "Hidden" or "Reserved" partition.

 

Then try using Mountvol to assign a drive letter to it.

 

Or - alternatively - try mountstorPE or showdrive:

 

http://reboot.pro/to...-line-possible/

 

:duff:

Wonko



#24 WebSmith

WebSmith
  • Members
  • 1 posts
  •  
    United Kingdom

Posted 13 March 2018 - 07:32 PM

I had the same issue and found that it was just Autoplay trying to open the drive/folder.

 

To get around the issue I just right clicked on the mounted drive in My Computer then "Open Autoplay..." and selected "Take no action".

 

This means it's not then trying to take any action automatically before you unlock the drive.

 

Hope this helps.



#25 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14267 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 March 2018 - 12:15 PM

I had the same issue and found that it was just Autoplay trying to open the drive/folder.

 

To get around the issue I just right clicked on the mounted drive in My Computer then "Open Autoplay..." and selected "Take no action".

 

This means it's not then trying to take any action automatically before you unlock the drive.

 

Hope this helps.

Interesting. :)

I would have never thought about that, I always disable autorun on all media/devices.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoDriveTypeAutoRun 0xFF

 

Maybe there is a setting to exclude attached VHD's if the above is "too wide", cannot say how an attached VHD is "classified" :unsure:

http://www.samlogic....typeautorun.htm

https://support.micr...lity-in-windows

 

:duff:

Wonko




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users