Why? Well, if you have a drive filled with media that should never be altered, this will most likely protect your files from being secretly altered by media library and player software, and should also protect your files from most ransomware software, from antivirus software, and any friends or co-workers who have access to your drive.
There are 3 methods, and they can be used in combination with one another.
- Setting the DISK to READONLY (the physical drive)
- Setting the PARTITION(s) to READONLY (GPT partitions only, not MBR partitions)
- Setting the VOLUME(s) to READONLY (NTFS, FAT32, exFAT, etc volume letters like E:\) (not supported on some thumbdrives)
A DISK contains one-or-more PARTITIONS, and a PARTITION contains one-or-more VOLUMES. When setting and unsetting the readonly state of these, they must be done in order as you cannot alter the state of a volume when its partition or disk is currently readonly.
Code: Select all
DISKPART
SEL VOL E:
Code: Select all
LIST DISK
LIST PART
LIST VOL
DETAIL DISK
DETAIL PART
DETAIL VOL
Code: Select all
ATTR VOL SET READONLY
GPT ATTRIBUTES=0x1000000000000001
ATTR DISK SET READONLY
Code: Select all
ATTR DISK CLEAR READONLY
GPT ATTRIBUTES=0x0000000000000000
ATTR VOL CLEAR READONLY
- 0x0000000000000001 Specifies that the partition is required and must not be deleted (re-partitioned).
- 0x1000000000000000 Specifies that the partition is read-only, preventing the volume from being written to.
GPT partitions are required for any volume that exceeds 2 terabytes.
These short BATCH .CMD files should make it easy to set and unset the READ-ONLY state of a simple disk with only a single volume drive letter, aka, most disks.
Code: Select all
:: name :: disk-readonly.cmd
:: purpose :: sets the READONLY state of the current drive letter's
:: :: volume, partition and disk via DISKPART commands.
:: author :: raccoon
:: revision :: 2016 september - initial version
:: :: 2022 february - added GPT partition readonly
:: ::
:: notes :: copy this and the writable script to a drive you wish to set to
:: :: readonly and writable. useful to prevent accidental file deletion
:: :: or tampering by antivirus software or malware.
:: :: the script must be run 'As Administrator', so right-click on it.
:: :: it will attempt to write-protect your disk using 3 methods;
:: :: disk level, partition level, and volume level attributes.
:: :: only GPT (not MBR) partitions can be set READONLY, and some
:: :: thumb-drives don't support setting the volume to READONLY, so
:: :: ignore those errors if you encounter them. -- raccoon
@echo off
fltmc >nul 2>&1 && ( goto admin ) || ( goto noadmin )
:noadmin
echo This script must be 'Run As Administrator'.
echo Exiting...
echo/
goto end
:admin
echo Setting drive %~d0 to READONLY...
echo --^>^> ARE YOU SURE? ^<^<--
echo/
pause
echo/
echo ... ok, this can take a while ...
echo/
( echo select volume %~d0
echo attributes volume set readonly
echo gpt attributes=0x1000000000000001
echo attributes disk set readonly
echo detail disk
echo list partition
echo detail partition
echo detail volume ) | diskpart
echo/
echo/
echo ... Drive %~d0 should now be READONLY.
echo/
:end
pause
Code: Select all
:: name :: disk-writable.cmd
:: purpose :: unsets the READONLY state of the current drive letter's
:: :: volume, partition and disk via DISKPART commands.
:: author :: raccoon
:: revision :: 2016 september - initial version
:: :: 2022 february - added GPT partition readonly
:: ::
:: notes :: copy this and the readonly script to a drive you wish to set to
:: :: readonly and writable. useful to prevent accidental file deletion
:: :: or tampering by antivirus software or malware.
:: :: the script must be run 'As Administrator', so right-click on it.
:: :: it will attempt to write-protect your disk using 3 methods;
:: :: disk level, partition level, and volume level attributes.
:: :: only GPT (not MBR) partitions can be set READONLY, and some
:: :: thumb-drives don't support setting the volume to READONLY, so
:: :: ignore those errors if you encounter them. -- raccoon
@echo off
fltmc >nul 2>&1 && ( goto admin ) || ( goto noadmin )
:noadmin
echo This script must be 'Run As Administrator'.
echo Exiting...
echo/
goto end
:admin
echo Setting drive %~d0 to WRITABLE...
echo --^>^> ARE YOU SURE? ^<^<--
echo/
pause
echo/
echo ... ok, this can take a while ...
echo/
( echo select volume %~d0
echo attributes disk clear readonly
echo gpt attributes=0x0000000000000000
echo attributes volume clear readonly
echo detail disk
echo list partition
echo detail partition
echo detail volume ) | diskpart
echo/
echo/
echo ... Drive %~d0 should now be WRITABLE.
echo/
:end
pause