Administrator has prohibited access to CD/DVD ROM drives

[Jim S]

I am getting the error message above, and all of my removable media drives
appear grayed out with a big red slash in a circle over them (in my
computer). they seem to be read only devices now.
I am the administrator, and made no intentional change to forbid access.
the problem seemed to have appeared as I was installing drivers from CD for
an upgraded video card. I am running XP SP2.
The registry settings to Restrict CD-ROM access to locally logged-on user
only seem not appropriate, since I am the locally logged-on user. I made no
changes there. the registry setting StorageDevicePolicies was not set, but I
set it to 0 (no help). (see
http://support.microsoft.com/default.aspx/kb/555441)
This would help if I had vista and group policy. No help on XP home…
http://msdn2.microsoft.com/en-us/library/bb530324.aspx

I tried to system restore but that failed. (separate problem)
I would appreciate any assistance. Thanks.

 

[Mark L. Ferguson]

Go to start/run, type:
devmgmt.msc

With the drive connected, doubleclick the device listed in 'disk drives'
Click the policies tab to then click the 'Reset defaults" button.

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPost

Mark L. Ferguson

..

 

[Jim S]

Mark, thanks for your reply.
Unfortunately it does not solve my problem...
The floppy drive and optical drives do not have a policies tab in device
manager, but the USB reader devices do. Clicking on restore defaults on all
of the USB drives did not help solve the problem. :-( Apparently it is not
related to write caching. It was worth a shot.
I would appreciate any other suggestions you might have!
It looks exactly like the behaviour I would expect from the article on
Vista group policy. I wish the article had registry settings, I would try
them!
To deny write access to specific removable device classes

1.. In the Group Policy Object Editor navigation pane, open Computer
Configuration, then open Administrative Templates, open System, and then
open Removable Storage Access.
2.. Right-click CD and DVD: Deny write access, and then click Properties.
3.. On the Properties dialog box, click Enabled to turn on the
restriction, and then click OK.
4.. Repeat steps 2 and 3 for the following computer policies:
a.. Removable Disks: Deny write access
b.. Floppy Drives: Deny write access
c.. WPD Devices: Deny write access
5.. Close Group Policy Object Editor.

 

[Mark L. Ferguson]

Locate and click the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider On
the Edit menu, click Permissions . Click the registry key for the user that
is currently logged on and ensure that Read and Full Control are both set to
Allow . Click the Advanced button, ensure that the user that is currently
logged on is selected, that Full Control is listed in the Permissions
column, and that This Key and Subkeys is listed in the Apply to column.
Click to select the Replace permission entries on all child objects with
entries shown here that apply to child objects check box. Click Apply , and
then click Yes when you receive a prompt to continue. Click OK , and then
click OK again

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPost

Mark L. Ferguson

..

 

[Jim S]

Mark thanks again.

I think you definitely found a problem, but I still have the error.

In HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider
there are two SID's listed, mine and another that I can't find elsewhere in
the registry, so I am not sure what it is. The one that does NOT correspond
to me is set as you suggest, with my account and administrators groups both
having read and full control, inherited from current_user. This key has
subkeys Data and Data 2, each with more subkeys, all set with permissions
for my account and administrators. I find it strange that this is not my
SID, but I have permissions set.

The Key that corresponds to my account's SID had no subkeys at all, and its
permissions were only for System (read and full - not inherited). I added
both my account and Administrators group as you suggested, but I didn't make
them inherited like the other SID has. I rebooted and still had the same
problem (denied access to removable media drives). I checked the registry
and there were now the subkeys data and data 2, but the permissions were not
set. I applied the permissions for administrators and my account to all the
keys and subkeys, and I marked them as inherited this time. I now have a
funny mix of permissions with both inherited from current_user and not
inherited, but I have full control throughout. Rebooted and I still have the
"Administrator has prohibited access to CD/DVD ROM drives" problem.

I have never had any problems accessing my outlook accounts with stored ID
and password (protected storage)..

This is a really annoying problem, and I truly appreciate all the help.

Please, anyone who can, please offer suggestions. Thanks.

Locate and click the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider On
the Edit menu, click Permissions . Click the registry key for the user
that is currently logged on and ensure that Read and Full Control are both
set to Allow . Click the Advanced button, ensure that the user that is
currently logged on is selected, that Full Control is listed in the
Permissions column, and that This Key and Subkeys is listed in the Apply
to column. Click to select the Replace permission entries on all child
objects with entries shown here that apply to child objects check box.
Click Apply , and then click Yes when you receive a prompt to continue.
Click OK , and then click OK again

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPost

Mark L. Ferguson

.

 

[Jim S]

Mark thanks again.

I think you definitely found a problem, but I still have the error.

In HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider
there are two SID's listed, mine and another that I can't find elsewhere in
the registry, so I am not sure what it is. The one that does NOT correspond
to me is set as you suggest, with my account and administrators groups both
having read and full control, inherited from current_user. This key has
subkeys Data and Data 2, each with more subkeys, all set with permissions
for my account and administrators. I find it strange that this is not my
SID, but I have permissions set.

The Key that corresponds to my account's SID had no subkeys at all, and its
permissions are only for System (read and full - not inherited). I added
both my account and Administrators group as you suggested, but I didn't make
them inherited like the other SID has. I rebooted and still had the same
problem (denied access to removable media drives). I checked the registry
and there were now the subkeys data and data 2, but the permissions were not
set. I applied the permissions for administrators and my account to all the
keys and subkeys, and I marked them as inherited this time. I now have a
funny mix of permissions with both inherited from current_user and not
inherited, but I have full control throughout. Rebooted and I still have the
"Administrator has prohibited access to CD/DVD ROM drives" problem.

I have never had any problems accessing my outlook accounts with stored ID
and password.

This is a really annoying problem, and I truly appreciate all the help.

Please, anyone who can, please offer suggestions. Thanks.

Locate and click the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider On
the Edit menu, click Permissions . Click the registry key for the user
that is currently logged on and ensure that Read and Full Control are both
set to Allow . Click the Advanced button, ensure that the user that is
currently logged on is selected, that Full Control is listed in the
Permissions column, and that This Key and Subkeys is listed in the Apply
to column. Click to select the Replace permission entries on all child
objects with entries shown here that apply to child objects check box.
Click Apply , and then click Yes when you receive a prompt to continue.
Click OK , and then click OK again

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPost

Mark L. Ferguson

.

 

[Mark L. Ferguson]

There is a technique used to reset default permissions in Windows, but if
that last hack did not work, I'm not too sure this would help either.

Aaron Stebner's WebLog Solving setup errors by using the SubInACL tool to
repair file and registry permissions:
http://blogs.msdn.com/astebner/archive/2006/09/04/739820.aspx

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales/help/help_en-us.htm#RateAPost

Mark L. Ferguson

..

 

[Jim S]

Mark, thanks again for all your help.
You were right, the SubInACL tool did not help.
I finally gave up, and did an 'in-place upgrade' and it fixed MOST of
the problem. I no longer get the error message, and the drives do not
disappear from some programs as before. I have not had a chance to try
everything yet.
But I am left with a silly little left-over from the problem. My drive
icons are still greyed out with the big red slash thing over them. Actually,
the two optical drives fixed themselves up some time during the Microsoft
updates that where required after the 'upgrade'. But the floppy and all of
the other removable media drives still have that icon problem. You, or
someone else following this thread, probably have some advice on how to fix
that little problem.
Thanks again.