Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by scottgus1 » 9. Jun 2019, 20:21

In this thread the question was raised by forum guru Socratis whether raw disk access on a Windows host requires Virtualbox to be Run As Administrator.

TL;DR: every time I try raw disk access on a Windows host everything related to Virtualbox must be Run As Administrator. Anyone else have a different experience?

The rest of the story:
I remember having run a raw disk once and needing to use Run As Admin, but I tried it again. The following is my experiment on two hosts, one with Windows 10 Pro 1809 running Virtualbox 6.0.4, and the other with Windows 7 Pro sp1 running Virtualbox 5.2.28. Both hosts have UAC at the default 2nd-from-the-top slider level. Both hosts had another drive I could offline in Disk Management. On both hosts I had the same result running raw disk access.

There are two Vboxmanage commands that handle raw disk access:
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands listpartitions -rawdisk \\.\PhysicalDrive#

"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands createrawvmdk -filename driveletter:\path\to\rawdisk.vmdk -rawdisk \\.\PhysicalDrive#

When I tried these commands in a regular command prompt, I got "access denied" errors from Vboxmanage:
VBoxManage.exe: error: Cannot open the raw disk: VERR_ACCESS_DENIED

When I right-clicked the command prompt icon and chose Run as Administrator, both commands succeeded.

When I ran the main Virtualbox window normally to attach the raw disk vmdk to a guest, this error popped up:
Failed to open the disk image file C:\Users\Public\rawdisk.vmdk.

Permission problem accessing the file for the medium 'C:\Users\Public\rawdisk.vmdk' (VERR_ACCESS_DENIED).

When I right-click-ran the main Virtualbox window as Administrator, I was successfully able to attach the raw disk vmdk to a guest.

When I ran the main Virtualbox window normally to start the guest with the attached raw disk, the raw disk was labeled 'inaccessible' and the guest would not start, instead throwing an error:
Failed to open a session for the virtual machine XP.

Could not open the medium 'C:\Users\Public\rawdisk.vmdk'.

VD: error VERR_ACCESS_DENIED opening image file 'C:\Users\Public\rawdisk.vmdk' (VERR_ACCESS_DENIED).

When I right-click-ran the main Virtualbox window as Administrator, I was successfully able to start the guest.

I also tried the Windows 7 host with UAC turned all the way down. Interesting results developed with the accounts, but full-bore Admin privileges were still required to make and attach a raw disk, and to run a guest with a raw disk.

Normally, Windows Vista & later splits off certain capabilities from the accounts with Administrator privileges and requires even Admin accounts to click in the UAC box to 'prove' that the Admin wanted to run this particular command. Supposedly this puts a limit on malware & mal-users. I discovered that when UAC is slid all the way down, the split-off of capabilities is deactivated and the account behavior goes back to XP days: Admin accounts are full-on Administrator, and everything runs as if Run as Admin was chosen. User-privilege accounts cannot run anything as Admin, and the right-click-Run-as-Admin on a user account still runs the started program as regular user.* (I did not try the runas command to see if admin privileges on a user account could be obtained like XP could.)

On the Windows 7 host where UAC was turned completely down, only the Admin account could run the raw disk commands or attach the raw disk and run the guest in Virtualbox. The user account was blocked at every turn with 'access denied' errors.

From the above I deduce that on a UAC-enabled Windows host, right-click-Run-As-Admin is required for both the command prompt and the main Virtualbox window to set up, attach, and run a guest with a raw disk. A "UAC-off" Windows host requires the running account to be an Admin account, and everything will be at Run-As-Admin privileges already.

Has anyone been able to run Virtualbox normally, not Run As Admin, and set up & run a Virtualbox raw disk guest?


* When the UAC was fully down, I was able to notice the full-on Administrator privileges by noticing something about the command prompt: On a UAC-enabled PC, a regular-run command prompt does not have full admin privileges. The command prompt has to be right-click-run-as-admin to get a full admin command line, and the command prompt window title has an 'Administrator' tag in the title to show the extended privileges. When my host had UAC turned completely down and I was logged in on the admin account, every command prompt window has the 'Administrator' tag in the title, whether it is run regular or right-click-run-as-admin.

Also, when doing experiments with the Hosts file, I have had to run Notepad as Admin to be able to save my edits. On the turned-down-UAC admin account, running Notepad regular allowed Notepad to edit Hosts, without running as Admin.

These behavior changes lead me to conclude that when UAC is all the way down, all programs that are started in an admin account 'run as admin'. User accounts can never run anything as admin when UAC is all the way down. I googled a bit and found this from Microsoft:
The slider will never turn UAC completely off. If you set it to Never notify, it will:
Keep the UAC service running.
Cause all elevation requests initiated by administrators to be auto-approved without showing a UAC prompt.
Automatically deny all elevation requests for standard users.
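A way to reproduce the check from the post without VirtualBox, as an added example that is not part of the original post: the PowerShell below reports whether the current token is elevated, shows the UAC policy values, and attempts a read-only open of a physical drive. The function name `Test-RawDiskAccess`, the `RawProbe.Native` helper type and the default disk index 0 are assumptions made for the illustration.

```powershell
# Added example (not from the original post). Read-only probe; nothing is written to the disk.
Add-Type -Namespace RawProbe -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern Microsoft.Win32.SafeHandles.SafeFileHandle CreateFile(
    string name, uint access, uint share, IntPtr security,
    uint disposition, uint flags, IntPtr template);

// Returns 0 if the device opens for reading, otherwise the Win32 error code.
public static int ProbeRead(string path) {
    // GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, OPEN_EXISTING
    using (var h = CreateFile(path, 0x80000000, 3, IntPtr.Zero, 3, 0, IntPtr.Zero)) {
        return h.IsInvalid ? Marshal.GetLastWin32Error() : 0;
    }
}
'@

function Test-RawDiskAccess {
    param([int]$DiskNumber = 0)   # assumption: index of the disk to probe

    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $id
    # False for a UAC-filtered admin token: the Administrators SID is deny-only there.
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Policy values behind the UAC settings (ConsentPromptBehaviorAdmin 0 = elevate without prompting).
    $uac  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $path = "\\.\PhysicalDrive$DiskNumber"
    $err  = [RawProbe.Native]::ProbeRead($path)

    [pscustomobject]@{
        User                       = $id.Name
        Elevated                   = $elevated
        EnableLUA                  = $uac.EnableLUA
        ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
        RawDisk                    = $path
        Win32Error                 = $err          # 5 = ERROR_ACCESS_DENIED, 2 = no such disk
        RawReadAllowed             = ($err -eq 0)
    }
}

Test-RawDiskAccess -DiskNumber 0 | Format-List
```

Running it once from a normal prompt and once from a Run-as-Administrator prompt on the same account shows the two token states side by side.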
