VMware Communities
Ninho
Enthusiast

VM using physical (raw) disk & Restricted user (Windows)

Hello there, dear VMware experts and fellow users! I've been several years without (almost) touching virtual machines so I'm a little rusty, hope you'll forgive me. Here's my question: is it possible (and how do we) as an unprivileged user on MS Windows OS (Windows 2000 here) run a VM which was set up for "raw" access to a physical IDE disk? My memories are admittedly fuzzy but I think I had it working back then. Was it a VMware preference or ini setting, or did I have to grant the user a special privilege in Windows?

I'd rather NOT go the obvious, slippery road and "run as admin" the corresponding VMs if there is a better way...

Thanks in advance.

P.S. in case it matters, VMware version 5.5.x's player.

0 Kudos
7 Replies
continuum
Immortal

Hi
WS 5.5 on Win 2000 is quite nice 😉

But if I remember right there is no way around using the admin account.
Also make sure that you remove the drive letter of the physical disk before you assign it to a VM - that's critical !!! Don't forget it - not even once !


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

Ninho
Enthusiast

Hi Ulli!

> if I remember right there is no way around using the admin account.

Ouch! Then my memories were bad. But you're not absolutely sure are you ?

Under a Linux host that's easy - just make the user a member of the disk group.

I suspect an equivalent is possible in NT, which has a set of privileges & permissions even more granular than Unix/Linux in fact, although they are not in broad use. Alternatively the VMware itself might impersonate a privileged account while accessing raw disks.

> Also make sure that you remove the drive letter of the physical disk before you assign it to a VM - that's critical !!! Don't forget it - not even once !

You know I know what I do... despite growing old <chuckle>   Thanks !!!

Ninho

0 Kudos
Rholk
Contributor

I don't think it is the problem, I never had a problem with Seven and WS 7 virtualizing raw disks.

About the drive letter, it is not a question, it is ext partitions, my Windows host can't access it.

The problem is mostly that VMware reports a disk usage which is not true.

0 Kudos
Ninho
Enthusiast

Said by Rholk :

> I don't think it is the problem, I never had a problem with Seven and WS 7 virtualizing raw disks.

Are you really, really saying you can access raw disks while logged on as a restricted user & not running VMware "as" Administrator ? Otherwise your issue is of a different nature and might open another question.

Regards

--

N.

0 Kudos
Rholk
Contributor

Perfectly, I confirm that, and I have been doing this for 2 years easily.

Sorry for the wrong thread post. I leave only the important information:

I am administrator on both machines, but don't use the run as admin command.

0 Kudos
Ninho
Enthusiast

> I am administrator on both machines, but don't use the run as admin command...

Being logged on as an administrator, naturally you don't need to use run as :smileysilly:

Ergo your valuable experience has no connection with my question, sorry !

Neither I nor anyone has problems accessing physical disks as Administrators.

But it is a rather bad idea to run Windows under an administrative account IMHO.

My question was how to let a VM access raw disks while logged in as a restricted user and without running VMware player or WS as an administrator. It's a matter of security and question of least privilege.

Thank you, Rholk! Please feel free not to add to this thread unless you think you have a relevant solution - no offence meant.

--

Ninho

corrected typo, and made clear no offence is meant.

0 Kudos
Ninho
Enthusiast

Said by Continuum :

> if I remember right there is no way around using the admin account.

... and indeed right you were as (almost) always,

according to http://support.microsoft.com/kb/150101 :

> Access to physical drives is a built-in right of the Administrators group and does not need to be enabled. Users who are not members of the Administrators group cannot open physical drives under any circumstances.
>
> Although any member of the Administrators group can enable access control and auditing on physical drives, doing so provides little value for two reasons, the first leading to the second:
>
>   1. Adding access control lists (ACLs) to a physical drive does not control or audit access to the logical volumes on the drive, or to files and directories within those logical volumes. Instead, the ACLs are used to control and audit access to the physical drive itself, such as opening the physical drive with CreateFile() using \\.\PHYSICALDRIVEx.
>   2. Because only members of the Administrators group can access physical drives, the only use for an ACL on a physical drive is to control or audit the access that they have. Because members can change the ACLs on physical drives, their access is not truly limited.

MS Windows OSes are really, really dead brained. Oh, well, I suppose one has just to live with that

Case closed, sadly.

--

Ninho

0 Kudos
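
A check for the behaviour the quoted KB article describes, as an added example that is not part of the thread: it reports whether the current logon token has the Administrators group enabled and whether `\\.\PHYSICALDRIVE0` can be opened read-only with CreateFile(). The `RawDiskProbe` class name and drive number 0 are assumptions for illustration; it needs Windows PowerShell 3.0 or later.

```powershell
# Added example: does the current logon token allow opening a physical drive?
# The handle is opened read-only and closed at once; nothing is read or written.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

public static class RawDiskProbe {   // hypothetical helper name
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeFileHandle CreateFile(string name, uint access, uint share,
        IntPtr sa, uint disposition, uint flags, IntPtr template);

    // Returns 0 if the device opened, otherwise the Win32 error code.
    public static int TryOpen(string path) {
        const uint GENERIC_READ = 0x80000000, SHARE_RW = 0x3, OPEN_EXISTING = 3;
        using (SafeFileHandle h = CreateFile(path, GENERIC_READ, SHARE_RW,
                                             IntPtr.Zero, OPEN_EXISTING, 0, IntPtr.Zero)) {
            // Read the error inside the helper so no later call can overwrite it.
            return h.IsInvalid ? Marshal.GetLastWin32Error() : 0;
        }
    }
}
'@

# IsInRole looks at the groups enabled in the token, so a non-elevated
# session of an administrator account under UAC also reports False here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Drive number 0 is an assumption; adjust for the disk assigned to the VM.
$code = [RawDiskProbe]::TryOpen('\\.\PHYSICALDRIVE0')
$result = switch ($code) {
    0       { 'opened' }
    5       { 'access denied' }   # ERROR_ACCESS_DENIED
    2       { 'no such drive' }   # ERROR_FILE_NOT_FOUND
    default { "Win32 error $code" }
}

[pscustomobject]@{
    User           = $identity.Name
    AdminToken     = $isAdmin
    PhysicalDrive0 = $result
}
```

Run from the restricted account and again from an administrative one, the two result objects show which logon the raw-disk VM would have to run under.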