Volume has been mounted as read-only because the operating system reported the host device to be wirte-protected.

[Mr.T]

Hi all,

hope somebody can give me a helping hand. I have a AD connected PC; having lastly some change done, and since then when I try to get my logical volume mounted I get a error message like this:

Volume has been mounted as read-only because the operating system reported the host device to be wirte-protected.

Please note that some custom chipset drivers have been reported to cause writable media to falsely appear write-protected. This problem is not caused by VeraCrypt. It may be solved by updating or uninstalling any custom (non-Microsoft) chipset drivers that are currently installed on this system.

My SSD is on "Standad SATA AHCI Controller" driver, signed by Microsoft. Storage Controllers: Microsoft Storage spaces controller & Standard NVM Express Controller.

Having one SSD; split into 2 logical volumes (1x NTFS system, 1 volume for veracrypt).

[Mr.T]

Company is trying to use BitLocker of course, forgot to mention, but the SSD is not (yet) encrypted by BitLocker, as I prefer VeraCrypt.
Tried to get it solved via DiskPart, however that fails removing read-only: DiskPart failed to clear disk attributes.

[RealTehreal]

When the OS states you media being write-protected, there's nothing VeraCrypt can do.

Maybe the volume's filesystem got corrupted by dirty dismount or whatsoever. Nevertheless, you should create a backup of your data before attempting to solve this issue (like setting Microsoft's testdisk to this partition).

Greets

[Mounir IDRASSI]

@mrt19
I suspect that this has to do with a BitLocker Group Policy pushed by your company through AD and which forces all external storage mediums to be mounted as ReadOnly in Windows unless they are encrypted with BitLocker.

The security policy is question is called "Deny write access to removable drives not protected by BitLocker" and it is documented here: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#deny-write-access-to-removable-drives-not-protected-by-bitlocker

The key information in the link is:

If the Deny write access to devices configured in another organization option is selected, only drives with identification fields that match the computer's identification fields are given Write access. When a removable data drive is accessed, it's checked for a valid identification field and allowed identification fields. These fields are defined by the Provide the unique identifiers for your organization policy setting.

There is no way for VeraCrypt to override this setting.
Can you confirm that you are indeed in this case by checking the the deployed group policy in your machine?

[Mr.T]

@idrassi: Thank you for input. checked the removable drives and nothing is set there, all values "Not configured"
Anyhow, I suspect that your aim is correct to think it comes from there, just to find right policy to disable:)

I have checked as well the options for fixed disks, as the SSD is internal (M.2), nothing configured there either, so seems we not found yet the right policy regulation part.