[ui] add option to set internal drives offline for Windows 11 To Go

* This is enabled by default for Windows 11 images and is done to prevent the
  annoying behaviour of Windows 11 *automatically* upgrading all ReFS drives
  it sees to latest version, thereby instantly preventing you from accessing
  these drives ever again with Windows 10.
* See: https://gist.github.com/0xbadfca11/da0598e47dd643d933dc#Mountability.

res/loc/ChangeLog.txt

@@ -6,6 +6,8 @@ https://github.com/pbatard/rufus/wiki/Localization#Editing_an_existing_translati
 Or simply download https://rufus-web.akeo.ie/locale/pollock.exe and follow its directions.
 
 o v3.20 (2022.??.??)
+  IMPORTANT: The translation changes below are *NOT* finalized and may evolve further...
+             Please avoid sending a translation update before I send a request for it, thank you!
   - *NEW*      MSG_323 "Unable to open or read '%s'"
   - *NEW*      MSG_325 "Applying Windows customization: %s"
   - *NEW*      MSG_326 "Windows User Experience"
@@ -14,6 +16,7 @@ o v3.20 (2022.??.??)
   - *NEW*      MSG_329 "Remove requirement for 4GB+ RAM and 64GB+ disk"
   - *NEW*      MSG_330 "Remove requirement for an online Microsoft account"
   - *NEW*      MSG_331 "Disable data collection (Skip privacy questions)"
+  - *NEW*      MSG_332 "Prevent Windows To Go from accessing internal disks"
 
 o v3.14 (2021.03.31)
   - *UPDATED*  MSG_068 "Error while partitioning drive." -> "Could not partition drive."

res/loc/rufus.loc

@@ -589,6 +589,7 @@ t MSG_328 "Remove requirement for Secure Boot and TPM 2.0"
 t MSG_329 "Remove requirement for 4GB+ RAM and 64GB+ disk"
 t MSG_330 "Remove requirement for an online Microsoft account"
 t MSG_331 "Disable data collection (Skip privacy questions)"
+t MSG_332 "Prevent Windows To Go from accessing internal disks"
 
 #########################################################################
 l "ar-SA" "Arabic (العربية)" 0x0401, 0x0801, 0x0c01, 0x1001, 0x1401, 0x1801, 0x1c01, 0x2001, 0x2401, 0x2801, 0x2c01, 0x3001, 0x3401, 0x3801, 0x3c01, 0x4001

src/format.c

@@ -72,7 +72,7 @@ extern uint32_t dur_mins, dur_secs;
 extern uint32_t wim_nb_files, wim_proc_files, wim_extra_files;
 static int actual_fs_type, wintogo_index = -1, wininst_index = 0;
 extern BOOL force_large_fat32, enable_ntfs_compression, lock_drive, zero_drive, fast_zeroing, enable_file_indexing;
-extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available, enable_inplace;
+extern BOOL write_as_image, use_vds, write_as_esp, is_vds_available, enable_inplace, set_drives_offline;
 extern const grub_patch_t grub_patch[2];
 extern char* unattend_xml_path;
 uint8_t *grub2_buf = NULL, *sec_buf = NULL;
@@ -1465,6 +1465,19 @@ static BOOL SetupWinToGo(DWORD DriveIndex, const char* drive_name, BOOL use_esp)
 
 	UpdateProgressWithInfo(OP_FILE_COPY, MSG_267, wim_proc_files + 2 * wim_extra_files, wim_nb_files);
 
+	// Setting internal drives offline for Windows To Go is crucial if, for instance, you are using ReFS
+	// on Windows 10 (therefore ReFS v3.4) and don't want a Windows 11 To Go boot to automatically
+	// "upgrade" the ReFS version on all drives to v3.7, thereby preventing you from being able to mount
+	// those volumes back on Windows 10 ever again. Yes, I have been stung by this Microsoft bullshit!
+	// See: https://gist.github.com/0xbadfca11/da0598e47dd643d933dc#Mountability
+	if (set_drives_offline) {
+		uprintf("Setting the target's internal drives offline using command:");
+		// This applies the "offlineServicing" section of the unattend.xml (while ignoring the other sections)
+		static_sprintf(cmd, "dism /Image:%s\\ /Apply-Unattend:%s", drive_name, unattend_xml_path);
+		uprintf(cmd);
+		RunCommand(cmd, NULL, usb_debug);
+	}
+
 	uprintf("Disabling use of the Windows Recovery Environment using command:");
 	static_sprintf(cmd, "%s\\bcdedit.exe /store %s\\EFI\\Microsoft\\Boot\\BCD /set {default} recoveryenabled no",
 		sysnative_dir, (use_esp) ? ms_efi : drive_name);

src/rufus.c

@@ -64,10 +64,12 @@ enum bootcheck_return {
 #define UNATTEND_MINRAM_MINDISK_MASK        0x02
 #define UNATTEND_NO_ONLINE_ACCOUNT_MASK     0x04
 #define UNATTEND_NO_DATA_COLLECTION_MASK    0x08
+#define UNATTEND_OFFLINE_INTERNAL_DRIVES    0x10
 
 #define UNATTEND_WINPE_SETUP_MASK           (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_MINRAM_MINDISK_MASK)
 #define UNATTEND_SPECIALIZE_DEPLOYMENT_MASK (UNATTEND_NO_ONLINE_ACCOUNT_MASK)
 #define UNATTEND_OOBE_SHELL_SETUP           (UNATTEND_NO_DATA_COLLECTION_MASK)
+#define UNATTEND_OFFLINE_SERVICING          (UNATTEND_OFFLINE_INTERNAL_DRIVES)
 
 static const char* cmdline_hogger = "rufus.com";
 static const char* ep_reg = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
@@ -88,7 +90,8 @@ static BOOL allowed_filesystem[FS_MAX] = { 0 };
 static int64_t last_iso_blocking_status;
 static int selected_pt = -1, selected_fs = FS_UNKNOWN, preselected_fs = FS_UNKNOWN;
 static int image_index = 0, select_index = 0;
-static int unattend_xml_mask = (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK);
+static int unattend_xml_mask = (UNATTEND_SECUREBOOT_TPM_MASK | UNATTEND_NO_ONLINE_ACCOUNT_MASK |
+	UNATTEND_OFFLINE_INTERNAL_DRIVES);
 static RECT relaunch_rc = { -65536, -65536, 0, 0};
 static UINT uMBRChecked = BST_UNCHECKED;
 static HANDLE format_thread = NULL;
@@ -126,13 +129,13 @@ HWND hDeviceList, hPartitionScheme, hTargetSystem, hFileSystem, hClusterSize, hL
 HWND hImageOption, hLogDialog = NULL, hProgress = NULL, hDiskID;
 HANDLE dialog_handle = NULL;
 BOOL is_x86_32, use_own_c32[NB_OLD_C32] = { FALSE, FALSE }, mbr_selected_by_user = FALSE;
-BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE, enable_inplace;
+BOOL op_in_progress = TRUE, right_to_left_mode = FALSE, has_uefi_csm = FALSE, its_a_me_mario = FALSE, enable_inplace = FALSE;
 BOOL enable_HDDs = FALSE, enable_VHDs = TRUE, enable_ntfs_compression = FALSE, no_confirmation_on_cancel = FALSE, lock_drive = TRUE;
 BOOL advanced_mode_device, advanced_mode_format, allow_dual_uefi_bios, detect_fakes, enable_vmdk, force_large_fat32, usb_debug;
 BOOL use_fake_units, preserve_timestamps = FALSE, fast_zeroing = FALSE, app_changed_size = FALSE;
 BOOL zero_drive = FALSE, list_non_usb_removable_drives = FALSE, enable_file_indexing, large_drive = FALSE;
 BOOL write_as_image = FALSE, write_as_esp = FALSE, use_vds = FALSE, ignore_boot_marker = FALSE;
-BOOL appstore_version = FALSE, is_vds_available = TRUE;
+BOOL appstore_version = FALSE, is_vds_available = TRUE, set_drives_offline = FALSE;
 float fScale = 1.0f;
 int dialog_showing = 0, selection_default = BT_IMAGE, persistence_unit_selection = -1, imop_win_sel = 0;
 int default_fs, fs_type, boot_type, partition_type, target_type;
@@ -1275,7 +1278,6 @@ static char* CreateUnattendXml(int arch, int mask)
 	fd = fopen(path, "w");
 	if (fd == NULL)
 		return NULL;
-	enable_inplace = mask & UNATTEND_WINPE_SETUP_MASK;
 
 	fprintf(fd, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
 	fprintf(fd, "<unattend xmlns=\"urn:schemas-microsoft-com:unattend\">\n");
@@ -1283,6 +1285,7 @@ static char* CreateUnattendXml(int arch, int mask)
 	// This part produces the unbecoming display of a command prompt window during initial setup, which
 	// may scare users... But the Windows Store version doesn't allow us to edit an offline registry...
 	if (mask & UNATTEND_WINPE_SETUP_MASK) {
+		enable_inplace = TRUE;
 		order = 1;
 		fprintf(fd, "  <settings pass=\"windowsPE\">\n");
 		fprintf(fd, "    <component name=\"Microsoft-Windows-Setup\" processorArchitecture=\"%s\" language=\"neutral\" "
@@ -1345,6 +1348,19 @@ static char* CreateUnattendXml(int arch, int mask)
 		fprintf(fd, "  </settings>\n");
 	}
 
+	if (mask & UNATTEND_OFFLINE_SERVICING) {
+		fprintf(fd, "  <settings pass=\"offlineServicing\">\n");
+		if (mask & UNATTEND_OFFLINE_INTERNAL_DRIVES) {
+			set_drives_offline = TRUE;
+			fprintf(fd, "    <component name=\"Microsoft-Windows-PartitionManager\" processorArchitecture=\"%s\" language=\"neutral\" "
+				"xmlns:wcm=\"http://schemas.microsoft.com/WMIConfig/2002/State\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
+				"publicKeyToken=\"31bf3856ad364e35\" versionScope=\"nonSxS\">\n", xml_arch_names[arch]);
+			fprintf(fd, "      <SanPolicy>4</SanPolicy>\n");
+			fprintf(fd, "    </component>\n");
+		}
+		fprintf(fd, "  </settings>\n");
+	}
+
 	fprintf(fd, "</unattend>\n");
 	fclose(fd);
 	return path;
@@ -1609,6 +1625,8 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
 				}
 				StrArrayAdd(&options, lmprintf(MSG_331), TRUE);
 				MAP_BIT(UNATTEND_NO_DATA_COLLECTION_MASK);
+				StrArrayAdd(&options, lmprintf(MSG_332), TRUE);
+				MAP_BIT(UNATTEND_OFFLINE_INTERNAL_DRIVES);
 				i = SelectionDialog(BS_AUTOCHECKBOX, lmprintf(MSG_326), lmprintf(MSG_327),
 					options.String, options.Index, remap8(unattend_xml_mask, map, FALSE));
 				StrArrayDestroy(&options);
@@ -2747,6 +2765,8 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
 			fs_type = (int)ComboBox_GetCurItemData(hFileSystem);
 			write_as_image = FALSE;
 			write_as_esp = FALSE;
+			enable_inplace = FALSE;
+			set_drives_offline = FALSE;
 			// Disable all controls except Cancel
 			EnableControls(FALSE, FALSE);
 			FormatStatus = 0;

src/rufus.rc

@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.19.1904"
+CAPTION "Rufus 3.19.1905"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -395,8 +395,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,19,1904,0
+ FILEVERSION 3,19,1905,0
- PRODUCTVERSION 3,19,1904,0
+ PRODUCTVERSION 3,19,1905,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -414,13 +414,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.19.1904"
+            VALUE "FileVersion", "3.19.1905"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-3.19.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.19.1904"
+            VALUE "ProductVersion", "3.19.1905"
         END
     END
     BLOCK "VarFileInfo"