RE: Calling CreateFile / DeviceIOControl from a limited user accou by AntonBassov
AntonBassov
Sat Mar 10 23:41:00 CST 2007
> So what you are saying is that there is no way to grant a limited user the
> rights to run code that connects to a driver without making them an
> administrator?
Actually, I am saying exactly the opposite - as long as driver's ACL allows
restricted users to access it, there is no problem here whatsoever. The only
thing I am saying is that the code that adjust driver's original ACL has to
be run by user with Admin rights....
In fact, you ask your question in the wrong NG - this is purely a user-mode
issue, so that an answer to your question lies with SDK (namely, Access
Control Functions), rather than with DDK/WDK
Anton Bassov
"Matthew Townsend" wrote:
> I have modified the inf for my driver giving Generic all access to the World
> (Everyone) but that did not make a difference.
>
> So what you are saying is that there is no way to grant a limited user the
> rights to run code that connects to a driver without making them an
> administrator?
>
> --
> Matthew Townsend
> General Dynamics
>
>
> "Anton Bassov" wrote:
>
> > You have to grant a current user a permission to access your driver by
> > modifying its ACL - check access control functions on MSDN for more info.
> > Please note that the code that does the above has to run on the account with
> > admin privileges.
> >
> > Anton Bassov
> >
> > "Matthew Townsend" wrote:
> >
> > > I need to be able to open a handle to a driver and communicate with it via
> > > IOCTLs. This needs to be done from a limited user account on Windows XP Pro
> > > SP2.
> > > I have a solution working when running from an administrator account but I
> > > can't get it to work from the limited user account and I cannot find any
> > > security settings the allow access.
> > >
> > > Is there a security setting of some sort that I can set to allow this
> > > functionality?
> > >
> > > Thank you.
> > > --
> > > Matthew Townsend
> > > General Dynamics