
X:\ is not accessible. The media is write protected [Solved]


  • X:\ is not accessible. The media is write protected [Solved]

    While trying to mount an image in OSFMount you might get this error from the operating system.

    X:\ is not accessible.
    The media is write protected

    With X: being the drive you are trying to mount.

    In most cases it is possible to mount NTFS drives as read-only devices, except in old versions of Windows like Windows 2000. But in some cases it seems Windows throws the error above if an image is mounted with the read-only check box set, AND the image came from a different machine.

    For example we saw the problem mounting an image in Win7 of the boot drive from an old XP machine.

    The solution to the problem seems to be to allow both reading and writing to the image when initially mounted on a new machine. After the initial mount as a R/W device, you can then immediately dismount the drive and re-mount it as read only.

    Poking around at a deeper level it seems that Win7 wants to make an update to the "$Secure" file during the first mounting of the image. $Secure is a hidden NTFS file in the file system with the Access Control List (ACL) database. So maybe it is adding a SID (Security Identifier) to the ACL for the new machine? If anyone knows the exact details feel free to post them.

  • #2
    I was experiencing this on some machines, and beginning to think that I had found some new trojan.

    Thank you for running this down; but I would take issue with marking it as "Solved". I have a read-only USB (write protection is enabled on it with a dip switch; the "Kanguru"...), and the operating system won't let me access it until it "signs" it with this SID. So your solution of giving the system write access would defeat the whole purpose as to why you would have a read-only drive (for example, you want complete assurance that the media on the drive has not been altered in any way...)


    • #3
      The initial issue was with our OSFMount software not with a Kanguru drive. So from our point of view the solution we provided would solve it for most people.

      If you really need nothing altered, not even a few bits in the SID, then the alternative solution is to use our OSForensics software and then browse the drive in forensics mode. Doing this completely bypasses the security & permission settings on the drive and allows the drive to be read without needing any write permissions. If you need more details on doing this let me know.


      • #4

        Can't you implement some fake write mechanism in OSFMount to circumvent that Windows bug ^D^D^D humm I mean feature ?

        It is not enough to do what you told i.e. to allow a one time write mount:

        Now I am using an administrator account and I can't even browse some user account files on an image mounted as read-only because Windows Explorer tells me I do not have enough permission to do so. It wants to permanently change the permission on the user folder ???

        ACL NTFS nightmare ?


        • #5
          As noted above, the simple alternative solution is to use our OSForensics software.
          It does direct disk access, totally bypassing all file permission issues and doesn't write anything to the image.

          Or a 3rd easy solution is to duplicate the image file, mount the duplicate as Read / Write. Then when you are finished delete the duplicate and keep the original untouched image.
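
The third option in post #5 (work on a duplicate, keep the original untouched), as an added example that is not part of the original thread and not PassMark code: a Python script that hashes the original image, write-protects it, verifies the duplicate before it is mounted, and re-checks the original afterwards. The function names, file names and the simulated write are assumptions, and the sample image is constructed.

```python
import hashlib, os, shutil, stat, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a (possibly multi-GB) image in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def make_working_copy(original, workdir):
    """Record the baseline hash, write-protect the original, return a verified duplicate."""
    baseline = sha256_file(original)
    os.chmod(original, stat.S_IREAD)        # read-only attribute on Windows
    copy = os.path.join(workdir, "working_" + os.path.basename(original))
    shutil.copyfile(original, copy)         # contents only, so the copy stays writable
    if sha256_file(copy) != baseline:
        raise IOError("working copy does not match the original image")
    return baseline, copy

def finish_session(original, copy, baseline):
    """After dismounting: check the original, note whether the copy was written to, delete it."""
    original_intact = sha256_file(original) == baseline
    copy_modified = sha256_file(copy) != baseline
    os.remove(copy)
    return original_intact, copy_modified

def demo():
    """Run the workflow on a constructed stand-in for a disk image."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")   # hypothetical file name
        with open(img, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed sample image")
        baseline, copy = make_working_copy(img, d)
        # The duplicate would be mounted read/write here. The write the OS
        # makes on first mount is simulated by changing one byte.
        with open(copy, "r+b") as f:
            f.seek(100)
            f.write(b"\x01")
        result = finish_session(img, copy, baseline)
        os.chmod(img, stat.S_IREAD | stat.S_IWRITE)  # lets temp cleanup delete it on Windows
        return result

if __name__ == "__main__":
    print(demo())
```

Keeping the baseline hash with the case notes lets the original be re-verified at any later date, independent of which tool mounted the duplicate.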