how to disable devcon and device manager?

TheMSsForum.com: The Microsoft Software Forum

i am writing a remote device blocker. i m planning to use setup APIs. i want
to prevent user on client machines from enabling devices by using device
manager or devcon. how can i do it? are there other ways a user can enable
the devices. unauthorized user should not be able to enable/disable devices.
thanks
Top

Re: how to disable devcon and device manager? by Maxim

Maxim
Thu Feb 08 05:43:37 CST 2007

> the devices. unauthorized user should not be able to enable/disable devices.

Windows itself will not allow unauthorized user to enable/disable devices.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

Top

Re: how to disable devcon and device manager? by shoeb

shoeb
Thu Feb 08 20:27:37 CST 2007

what about devcon?
"Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
news:undrdZ3SHHA.5016@TK2MSFTNGP05.phx.gbl...
> > the devices. unauthorized user should not be able to enable/disable
devices.
>
> Windows itself will not allow unauthorized user to enable/disable devices.
>
> --
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> maxim@storagecraft.com
> http://www.storagecraft.com
>


Top

Re: how to disable devcon and device manager? by Scherbina

Scherbina
Thu Feb 08 07:21:44 CST 2007

Again, windows do that for you. If user does not have necessary priviligies
he/she has no chance to disable anything using devcon.

--
Vladimir
"shoeb" <shoeb.ali@stellarinfo.com> wrote in message
news:e$gZdC4SHHA.4028@TK2MSFTNGP04.phx.gbl...
> what about devcon?
> "Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
> news:undrdZ3SHHA.5016@TK2MSFTNGP05.phx.gbl...
>> > the devices. unauthorized user should not be able to enable/disable
> devices.
>>
>> Windows itself will not allow unauthorized user to enable/disable
>> devices.
>>
>> --
>> Maxim Shatskih, Windows DDK MVP
>> StorageCraft Corporation
>> maxim@storagecraft.com
>> http://www.storagecraft.com
>>
>
>

Top

Re: how to disable devcon and device manager? by Scherbina

Scherbina
Thu Feb 08 07:36:29 CST 2007

Actually, the devcon uses SetupDi api (and I belive device manager too, I
did not checked that yet), so any application that uses SetupDi falls into
risk category for your application. I am not sure you will be able manage
all this. Can you tell us a bit more about the design you are going to
implement?

--
Vladimir
"shoeb" <shoeb.ali@stellarinfo.com> wrote in message
news:ue4HrX0SHHA.192@TK2MSFTNGP04.phx.gbl...
>i am writing a remote device blocker. i m planning to use setup APIs. i
>want
> to prevent user on client machines from enabling devices by using device
> manager or devcon. how can i do it? are there other ways a user can enable
> the devices. unauthorized user should not be able to enable/disable
> devices.
> thanks
>
>

Top

Re: how to disable devcon and device manager? by Alexander

Alexander
Thu Feb 08 10:34:07 CST 2007

Solution to all your IT problem is: DON'T LET USERS RUN WITH ADMINISTRATIVE
PRIVILEGES. PERIOD. Then you'll get NO VIRUSES, NO SPYWARE, NO UNAUTHORIZED
SOFTWARE.

"shoeb" <shoeb.ali@stellarinfo.com> wrote in message
news:ue4HrX0SHHA.192@TK2MSFTNGP04.phx.gbl...
>i am writing a remote device blocker. i m planning to use setup APIs. i
>want
> to prevent user on client machines from enabling devices by using device
> manager or devcon. how can i do it? are there other ways a user can enable
> the devices. unauthorized user should not be able to enable/disable
> devices.
> thanks
>
>


Top

Re: how to disable devcon and device manager? by Skywing

Skywing
Thu Feb 08 11:09:55 CST 2007

And keep your systems patched...

--
Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
"Alexander Grigoriev" <alegr@earthlink.net> wrote in message
news:utJx175SHHA.2256@TK2MSFTNGP02.phx.gbl...
> Solution to all your IT problem is: DON'T LET USERS RUN WITH
> ADMINISTRATIVE PRIVILEGES. PERIOD. Then you'll get NO VIRUSES, NO SPYWARE,
> NO UNAUTHORIZED SOFTWARE.
>
> "shoeb" <shoeb.ali@stellarinfo.com> wrote in message
> news:ue4HrX0SHHA.192@TK2MSFTNGP04.phx.gbl...
>>i am writing a remote device blocker. i m planning to use setup APIs. i
>>want
>> to prevent user on client machines from enabling devices by using device
>> manager or devcon. how can i do it? are there other ways a user can
>> enable
>> the devices. unauthorized user should not be able to enable/disable
>> devices.
>> thanks
>>
>>
>
>

Top

Re: how to disable devcon and device manager? by Alexander

Alexander
Thu Feb 08 21:19:42 CST 2007

This will be just rare entertainment, then... If systems are set to
autoupdate, the admins won't have to even bother.

"Skywing [MVP]" <skywing_NO_SPAM_@valhallalegends.com> wrote in message
news:uUuu1P6SHHA.3948@TK2MSFTNGP05.phx.gbl...
> And keep your systems patched...
>
> --
> Ken Johnson (Skywing)
> Windows SDK MVP
> http://www.nynaeve.net
> "Alexander Grigoriev" <alegr@earthlink.net> wrote in message
> news:utJx175SHHA.2256@TK2MSFTNGP02.phx.gbl...
>> Solution to all your IT problem is: DON'T LET USERS RUN WITH
>> ADMINISTRATIVE PRIVILEGES. PERIOD. Then you'll get NO VIRUSES, NO
>> SPYWARE, NO UNAUTHORIZED SOFTWARE.
>>
>> "shoeb" <shoeb.ali@stellarinfo.com> wrote in message
>> news:ue4HrX0SHHA.192@TK2MSFTNGP04.phx.gbl...
>>>i am writing a remote device blocker. i m planning to use setup APIs. i
>>>want
>>> to prevent user on client machines from enabling devices by using device
>>> manager or devcon. how can i do it? are there other ways a user can
>>> enable
>>> the devices. unauthorized user should not be able to enable/disable
>>> devices.
>>> thanks
>>>
>>>
>>
>>
>


Top

Re: how to disable devcon and device manager? by pavel_a

pavel_a
Fri Feb 09 07:48:00 CST 2007

Alexander, you know that this won't help anyway.

First, WinXP requires too much admin intervention for standard users
( this has been addressed in Vista )

Second, security holes allow to standard users (or malware that
they run) to get complete admin control.
Even if these holes are not known in Vista yet, it is only matter of time.

--PA

Top

Re: how to disable devcon and device manager? by Alexander

Alexander
Fri Feb 09 22:19:29 CST 2007

Privilege escalation vulns are rare and pretty much all patched.
I and my family members all run as limited users. Not much admin
intervention required, at least I don't let anybody install stray
applications. Some crap just won't work, this is why I got rid of ICQ long
ago.

"Pavel A." <pavel_a@NOwritemeNO.com> wrote in message
news:827F5CBA-0196-4AE8-A0E5-B2EAF4F2146D@microsoft.com...
> Alexander, you know that this won't help anyway.
>
> First, WinXP requires too much admin intervention for standard users
> ( this has been addressed in Vista )
>
> Second, security holes allow to standard users (or malware that
> they run) to get complete admin control.
> Even if these holes are not known in Vista yet, it is only matter of time.
>
> --PA
>


Top

Re: how to disable devcon and device manager? by Maxim

Maxim
Sat Feb 10 06:03:02 CST 2007

> applications. Some crap just won't work, this is why I got rid of ICQ long
> ago.

Here in Russia many people replaced the ICQ client with Miranda or QIP.

ICQ is inferior due to lots of ads, inferior database structure (ICQ's database
of 40MB became 3MB after conversion to Miranda and such), due to memory
consumption and thus performance.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@storagecraft.com
http://www.storagecraft.com

Top