Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

USB Drive Unable to mount as restricted user

Status
Not open for further replies.
utah007

utah007

IS-IT--Management
Mar 25, 2002
12
0
0
US
This has been driving me crazy.
All the lab machines at my site run as a restricted domain user. Some USB drives will work just fine. Mount, assign drive letter, and auto play.

The problem I'm having is that a few thumb drives have recently started giving the message. "Unable to install new hardware. Contact your Administrator."

At first I thought it was the Autorun kicking up something like the Lexar encryption software. But no, it was the plug & pray framework crapping out as a restricted user.

If I install the drive as admin, then it will work fine. But as restricted, it will not.

I've done regmon + filemon to find what areas I need to relax permissions on to no avail.

The event log doesn't list any possible cause. The only thing that does is the %systemroot%\setupapi.log
After exhaustive searching of the errors found therein, I have thrown up my hands.

Has anyone else ran into this problem and found a solution?
 
Sort by date Sort by votes
It is a permissions issue. You could use NTRIGHTS.EXE to add additional user rights to work around the problem.

But, the real problem is that some, very few but some, USB pen drives report themselves to XP as fixed disks, non-removable.

You would be best not using this type of USB pen drive.

This is not an AutoPlay issue.



____________________________
Users Helping Users
 
Upvote 0 Downvote
I know it isn't an auto-play issue and I know it is a permissions issue.

As for NTRIGHTS.EXE it appears to perform a similar function to Group Policies, so I've never had occasion to need it.

I'll give it a shot, though. I'm assuming something like:
ntrights.exe +r SeLoadDriverPrivilege "Users"


 
Upvote 0 Downvote
You need several rights, including the rights to create tokens, to create permanent shared objects, the right to load and unload device drivers, the right to set the firmware environment, and the right to act as part of the operating system.

It would be easier to make them XP Power users with SeLoadDriverPrivilege because by the time you are done that is essentially what you would have done.

Note: The XP Power User is nowhere near as capable as its Win2k equivalent.

Whether you use Group Policy or NTRIGHTS.EXE is up to you. For non-Domain settings I offered the NTRIGHTS.EXE alternative as it is perfectly scriptable.





____________________________
Users Helping Users
 
Upvote 0 Downvote
Are there any policy restrictions you have in place involving "Allowed to format and eject removable media"?
 
Upvote 0 Downvote
No luck.

ntrights.exe +r SeLoadDriverPrivilege -u "Everyone"
and
ntrights.exe +r SeLoadDriverPrivilege -u "Users"

They both report running successfully as an Admin user, however, plugging in the USB drive has the same results.
 
Upvote 0 Downvote
I tried the different rights as you suggested with no luck.
In desperation I figured I would try a Power User.
However, not even a Power User can install this particular LEXAR device.

I know that if I reimage this, the problem will go away. But will eventually come back.

I can't seem to find the trigger that causes it to come back.
Is it after a certain number of drives have been plugged in it says "That's it, no more!"

 
Upvote 0 Downvote
The enumeration limit is 26 alphabetic characters.

A Win2k Power User with the addition of Load/Unload Device drivers can install the device.

An XP Power User is nowhere near as priviliged as the Win2k equivalent.

You would need to give the XP Power Users group all the permissions of the Win2k Power User; plus, Load/Unload device driver.

I explained at least four additonal rights required for the XP Power user in addition to Load/unload device drivers. There are likely more. The following are the combined permissions you would need for a non-Administrator or Power User under XP:

SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege
SeMachineAccountPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePagefilePrivilege
SeCreatePermanentPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeChangeNotifyPrivilege



____________________________
Users Helping Users
 
Upvote 0 Downvote
To approach this from a different direction, lets see if we can make XP believe the drive is removable.

See:


A note from MS-MVP Bert Kinney:

"Dear customer
We are sending you the new Lexar Jump Drive Secure II software to take the place of your older secure software that came on your drive, it's easy to use, create your secure vaults , password protected etc, you will need to back up your data from your drive and save it, then repartition your drive to 100% public if you have the JDS drive and then reformat the drive. Run the new software from the drive..it must be placed on the drive and ran from the drive this should fix any problems you are having with restore points."

Bert's note was that by reformatting the drive with the newer software obtained from Tech Support the drive appeared as a removable and not fixed drive. This change in status of the device likely will allow an installation by the limited user.





____________________________
Users Helping Users
 
Upvote 0 Downvote
Is the Logical Disk Manager Admin Service or the Logical Disk Manager Service disabled?
 
Upvote 0 Downvote
Thanks to trying to respond to linney I realized my link above makes no sense. I was trying to use this link:


But I suspect I had better just quote it:
FAQ
When I insert my JumpDrive Secure, it shows up as a Local Drive on my computer. Why isn't the JumpDrive Secure showing up as a removable drive?

Answer
The JumpDrive Secure will show up only as a local drive because it allows you to partition your drive.

Most Lexar JumpDrives will show up as removable drives when viewed in My Computer. However, since the JumpDrive Secure is bundled with software that has additional features other than as a storage device, it requires the device to be configured as a non-removable device for partitioning public and private zones.

If you would like to remove the Secure feature on this JumpDrive and use it as a 100% public drive, you can do so by deleting the Secure software and formatting your JumpDrive.

Please make sure to back up your data prior to formatting your JumpDrive.

Source: Lexar Technical Support
Click to expand...


____________________________
Users Helping Users
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dpellegrini
  • Locked
  • Question
Unable to map a drive
Replies
12
Views
206
dpellegrini
dpellegrini
grnzbra
  • Locked
  • Question
Formatting Full Hard Drive 1
Replies
7
Views
165
austinpctech
austinpctech
Flinx
  • Locked
  • Question
unable to update microsoft edge 2
Replies
3
Views
648
Rick998
Rick998
Sebastian42
  • Locked
  • Question
Getting a drive REdetected
Replies
18
Views
237
Rick998
Rick998
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
200
guitarzan
guitarzan

Part and Inventory Search

Sponsor

Back
Top