Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Discussions related to using VirtualBox on Windows hosts.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by scottgus1 »

In this thread the question was raised by forum guru Socratis whether raw disk access on a Windows host requires Virtualbox to be Run As Administrator.

TL;DR: every time I try raw disk access on a Windows host everything related to Virtualbox must be Run As Administrator. Anyone else have a different experience?

The rest of the story:
I remember having run a raw disk once and needing to use Run As Admin, but I tried it again. The following is my experiment on two hosts, one with Windows 10 Pro 1809 running Virtualbox 6.0.4, and the other with Windows 7 Pro sp1 running Virtualbox 5.2.28. Both hosts have UAC at the default 2nd-from-the-top slider level. Both hosts had another drive I could offline in Disk Management. On both hosts I had the same result running raw disk access.

There are two Vboxmanage commands that handle raw disk access:
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands listpartitions -rawdisk \\.\PhysicalDrive#

"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands createrawvmdk -filename driveletter:\path\to\rawdisk.vmdk -rawdisk \\.\PhysicalDrive#
When I tried these commands in a regular command prompt, I got "access denied" errors from Vboxmanage:
VBoxManage.exe: error: Cannot open the raw disk: VERR_ACCESS_DENIED
When I right-clicked the command prompt icon and chose Run as Administrator, both commands succeeded.

When I ran the main Virtualbox window normally to attach the raw disk vmdk to a guest, this error popped up:
Failed to open the disk image file C:\Users\Public\rawdisk.vmdk.

Permission problem accessing the file for the medium 'C:\Users\Public\rawdisk.vmdk' (VERR_ACCESS_DENIED).
When I right-click-ran the main Virtualbox window as Administrator, I was successfully able to attach the raw disk vmdk to a guest.

When I ran the main Virtualbox window normally to start the guest with the attached raw disk, the raw disk was labeled 'inaccessible' and the guest would not start, instead throwing an error:
Failed to open a session for the virtual machine XP.

Could not open the medium 'C:\Users\Public\rawdisk.vmdk'.

VD: error VERR_ACCESS_DENIED opening image file 'C:\Users\Public\rawdisk.vmdk' (VERR_ACCESS_DENIED).
When I right-click-ran the main Virtualbox window as Administrator, I was successfully able to start the guest.

I also tried the Windows 7 host with UAC turned all the way down. Interesting results developed with the accounts, but full-bore Admin privileges were still required to make and attach a raw disk, and to run a guest with a raw disk.

Normally, Windows Vista & later splits off certain capabilities from the accounts with Administrator privileges and requires even Admin accounts to click in the UAC box to 'prove' that the Admin wanted to run this particular command. Supposedly this puts a limit on malware & mal-users. I discovered that when UAC is slid all the way down, the split-off of capabilities is deactivated and the account behavior goes back to XP days: Admin accounts are full-on Administrator, and everything runs as if Run as Admin was chosen. User-privilege accounts cannot run anything as Admin, and the right-click-Run-as-Admin on a user account still runs the started program as regular user.* (I did not try the runas command to see if admin privileges on a user account could be obtained like XP could.)

On the Windows 7 host where UAC was turned completely down, only the Admin account could run the raw disk commands or attach the raw disk and run the guest in Virtualbox. The user account was blocked at every turn with 'access denied' errors.

From the above I deduce that on a UAC-enabled Windows host, right-click-Run-As-Admin is required for both the command prompt and the main Virtualbox window to set up, attach, and run a guest with a raw disk. A "UAC-off" Windows host requires the running account to be an Admin account, and everything will be at Run-As-Admin privileges already.

Has anyone been able to run Virtualbox normally, not Run As Admin, and set up & run a Virtualbox raw disk guest?


* When the UAC was fully down, I was able to notice the full-on Administrator privileges by noticing something about the command prompt: On a UAC-enabled PC, a regular-run command prompt does not have full admin privileges. The command prompt has to be right-click-run-as-admin to get a full admin command line, and the command prompt window title has an 'Administrator' tag in the title to show the extended privileges. When my host had UAC turned completely down and I was logged in on the admin account, every command prompt window has the 'Administrator' tag in the title, whether it is run regular or right-click-run-as-admin.

Also, when doing experiments with the Hosts file, I have had to run Notepad as Admin to be able to save my edits. On the turned-down-UAC admin account, running Notepad regular allowed Notepad to edit Hosts, without running as Admin.

These behavior changes lead me to conclude that when UAC is all the way down, all programs that are started in an admin account 'run as admin'. User accounts can never run anything as admin when UAC is all the way down. I googled a bit and found this from Microsoft:
The slider will never turn UAC completely off. If you set it to Never notify, it will:
Keep the UAC service running.
Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
Automatically deny all elevation requests for standard users.
AndreasPlesch
Posts: 1
Joined: 20. Mar 2020, 15:41

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by AndreasPlesch »

Thanks for sharing this. I also needed to run VirtualBox as administrator to gain access to a raw disk on win10. I had to use raw disk access to be able to mount a partition on the linux host which had been used as md software raid volume, in mirror mode, and subsequently just directly as backup ext4 partition.

Let me just record a few issues along the way:

- I had to connect the 4TB disk directly with a sata cable. A usb converter did not properly represent the drive to windows.

- LinuxReader could see the partition but not mount it correctly

- I had to be admin for both to create vmdk and also to then run VirtualBox (as described above)

- Then a recent debian based linux host could mount the partition without problems (yeah, 4TB backup)
alexdc
Posts: 1
Joined: 24. Jun 2021, 09:05

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by alexdc »

Hello
I confirm the same issue with Windows 10 host (version 1909).
I followed the recommendations of Ticket #8760. The vmdk files seem fully accessible as a normal user. But at the end, I always need to start Virtualbox as administrator to use the virtual machine which makes use of it.

The direct access to "\\.\PhysicalDrive0" is probably limited to administrators, but I see no way to overcome this.

Regards
Zpslon
Posts: 5
Joined: 10. Mar 2020, 16:40

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by Zpslon »

1. You need to block the physical disk, with standard Windows tools. I prefer this program LockDismount v0.3.0.0 (http://reboot.pro/topic/12413-lockdismo ... 00-update/), it's more convenient for me.
2. Run Vbox as admin, and now Vbox will have full access to usb disk. Without blocking disk only read access works.
Last edited by Zpslon on 26. Jun 2021, 06:10, edited 1 time in total.
scottgus1

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by scottgus1 »

alexdc wrote: direct access to "\\.\PhysicalDrive0" is probably limited to administrators, but I see no way to overcome this.
This is what I have found too. Running as Admin is needed for everything with Raw Disk Access on Windows hosts.
Zpslon wrote: LockDismount v0.3.0.0
Interesting tool, Zpslon! It appears that "LockDismount" can run in the command-line, whereas the Windows Disk Management is only GUI. A command-line tool can be useful, especially in batch files, and if figuring out Windows' "Diskpart" gets over one's head. Thanks for the contribution!
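
A preflight check for the conditions reported in the posts above (elevated token, UAC policy, target disk taken offline), as an added example that is not part of the original thread. The function name, the disk number, and the system/boot-disk safety check are assumptions of this example; `Get-Disk` needs the Storage module (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread): report what the posts found relevant
# before creating or attaching a raw-disk VMDK. Test-RawDiskPreflight is a
# hypothetical helper name.
function Test-RawDiskPreflight {
    param([Parameter(Mandatory)][int]$DiskNumber)

    # Is this process running with the full (elevated) administrator token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # UAC policy values: EnableLUA = 0 means Admin Approval Mode is off,
    # ConsentPromptBehaviorAdmin = 0 means admins elevate without a prompt.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Disk number N corresponds to \\.\PhysicalDriveN.
    try   { $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop }
    catch { $disk = $null }

    # Safety check added by this example: flag the host's own system/boot disk.
    $hostDisk = [bool]($disk -and ($disk.IsSystem -or $disk.IsBoot))

    [pscustomobject]@{
        User               = $identity.Name
        ElevatedToken      = $elevated
        EnableLUA          = $uac.EnableLUA
        ConsentPromptAdmin = $uac.ConsentPromptBehaviorAdmin
        RawDiskPath        = "\\.\PhysicalDrive$DiskNumber"
        DiskFound          = [bool]$disk
        DiskName           = $disk.FriendlyName
        IsOffline          = $disk.IsOffline
        IsHostSystemDisk   = $hostDisk
        ReadyForRawAccess  = [bool]($elevated -and $disk -and
                                    $disk.IsOffline -and -not $hostDisk)
    }
}

# Constructed sample call: disk 1 is an assumption, pick the disk you offlined.
Test-RawDiskPreflight -DiskNumber 1
```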
ienaxxx
Posts: 1
Joined: 22. Apr 2022, 16:09

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by ienaxxx »

Have you tried to add "SeSystemEnvironmentPrivilege" (Modify firmware environment values) permission to your users or groups, using GPEDIT?
I have an auditing policy in place and every time I try to launch the VM with raw disk as a normal user I can see a 4673 error in the event viewer (security) stating that the VirtualBox executable (VirtualBoxVM.exe) tried to use that privilege.

You can assign yourself this permission by launching (as admin) gpedit, going to computer configuration->windows settings->security settings->local policies->user rights assignment

Unfortunately I can't test it because, although I'm admin, I'm under strict policies and cannot modify those settings via gpedit anymore. So I ended up launching Vbox as admin every time I need it, but hopefully this can be helpful to you...

Anyway, if you can enable privilege use auditing, you'll be able to see errors in the windows security events log for each and every blocked user privilege use.

P.S. This is official MS reference: docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values
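
One way to collect the privilege-use audit evidence described in the post above, as an added example that is not part of the original thread. It assumes an elevated session (needed to read the Security log), that failure auditing for the "Audit Sensitive Privilege Use" subcategory is enabled, and a process-name pattern and time window chosen for this example.

```powershell
# Added example (not from the thread): summarize event 4673 records per
# process, privilege and outcome, to see which privilege a process asked for.
param(
    [string]$ProcessPattern = '*VirtualBox*',   # assumption: match by image path
    [int]$Hours = 24                            # assumption: look-back window
)

$filter = @{
    LogName   = 'Security'
    Id        = 4673
    StartTime = (Get-Date).AddHours(-$Hours)
}

# No matching events raises a non-terminating error; treat that as "none".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> elements into a lookup table.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($data['ProcessName'] -notlike $ProcessPattern) { continue }

    [pscustomobject]@{
        Time       = $e.TimeCreated
        Outcome    = $e.KeywordsDisplayNames -join ','   # Audit Failure / Audit Success
        User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Process    = $data['ProcessName']
        # PrivilegeList can hold several names separated by whitespace.
        Privileges = ($data['PrivilegeList'] -split '\s+' |
                      Where-Object { $_ }) -join ','
    }
}

# One line per (process, privilege set, outcome), most frequent first.
$rows | Group-Object Process, Privileges, Outcome |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Comparing the output of a normal launch with an elevated launch shows which privilege requests fail only for the non-elevated token.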
Industrial
Posts: 119
Joined: 10. Mar 2012, 07:36

Re: Raw Disk Access on a Windows Host - Run Virtualbox as Administrator?

Post by Industrial »

I tried all the tips here, running as admin, using that lockdismount tool, making sure Administrator has rights to Modify firmware environment values in gpedit. Nothing worked. I am still getting the sharing violation error.
C:\Users\Admin>"c:\program files\oracle\virtualbox\VBoxManage.exe" createmedium disk --filename C:\500GBSSD.vmdk --format VMDK --variant RawDisk --property RawDrive=\\.\PhysicalDrive2
0%...VBOX_E_FILE_ERROR
VBoxManage.exe: error: Failed to create medium
VBoxManage.exe: error: Could not create the medium storage unit 'C:\500GBSSD.vmdk'.
VBoxManage.exe: error: VMDK: could not open raw disk file '\\.\PhysicalDrive2' (VERR_SHARING_VIOLATION)
VBoxManage.exe: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component MediumWrap, interface IMedium
VBoxManage.exe: error: Context: "enum RTEXITCODE __cdecl handleCreateMedium(struct HandlerArg *)" at line 634 of file VBoxManageDisk.cpp
EDIT: I found the problem, it was Diskcheckup, a SMART monitoring tool for drives. Closed it and was able to create the VMDK.