Olivier
Wed May 04 01:08:03 CDT 2005
Your first idea may not be a solution regarding our business target as we
provides corporate solutions. In this kind of solution, the computers are
managed by one ore more administrator and the user has not the knowledge of
the admin password.
If the user changes the device usb connection (using another USB port, a USB
hub etc...), he will be requested to enter the admin password as there is a
registry key for each USB connection in HKLM.
Another issue with this solution is that a CCID driver is dedicated to
smartcard. It interacts with the smartcard server service (scardsvr) that is
provided by Microsoft and PC/SC compliant. Application that used the scard
API are not our application, they are our customer PC/SC end application,
sometimes they are already written and we can't ask them to handle the
missing registry key detection and modification.
Your second idea (filter driver) needs some more investigation for us as we
have little knowledge about filter drivers. However, if they behave like
standard device driver, they will still need to be signed to be
automatically installed by Windows.
The INF modification of the CCID driver is then more simple and quick and
provide the same behavior.
The service is the best idea as this service, installed during the driver
installation could monitor the PNP notification of the device insertion
filtered by its GUID and verify the presence of the registry key. As this
service would run in the system context, it should have admin rigths and
should be able to add the key in the registry if it is missing. At this
stage, I don't see nasty issue with this solution.
We still have a request pending at Microsoft for a CCID driver release with
the registry key set but we don't get any answer at this time.
Thanks for your help,
Olivier R.
"Ray Trent" wrote:
> This isn't a pleasant approach, but when you detect that the value isn't
> set you could tell the use and offer to execute a registry modification
> using "runas" or some other mechanism that prompts for an admin password.
>
> Other than that the only way would be to write a service or filter
> driver that does nothing except set the value. That's probably the
> "best" solution if MS can't help by providing a modified and signed INF
> in a hotfix or something.
>
> Olivier R. wrote:
> > Hello,
> >
> > I use the usbccid driver to develop a smartcard application.
> > As explained in the usbccid driver documentation :
> >
http://www.microsoft.com/whdc/device/input/smartcard/USB_CCID.mspx
> > "In order to send or receive an Escape command to a reader, the DWORD
> > registry value EscapeCommandEnable must be added and set to a non-zero value
> > under the HKLM\SYSTEM\CCS\Enum\USB\Vid*Pid*\*\Device Properties key."
> >
> > My problem is to find a way to automaticaly add the EscapeCommandEnable
> > DWORD in HKLM\SYSTEM\CCS\Enum\USB\Vid*Pid*\*\Device Properties during the
> > installation of the application.
> > (it is only during the installation of the application that you have the
> > administrator rights and so you can add a value in the registry base).
> >
> > - Is there a version of the usbccid driver available that avoids to modify
> > the registry (with Escape command always enabled) ?
> > - if I modify the usbccid.inf file so that this DWORD will be add in the
> > registry base : unfortunately the driver will not be signed anymore which is
> > too bad.
> > - The path depends on the USB port where the reader is plugged : which means
> > that the administrator will have to plug the reader to all USB ports during
> > the installation process to add each value to the right registry path and so
> > to be sure that he will be able to use the reader with all its computer ports
> > .
> >
> > I hope someone has a solution.
> >
> > Have a nice day
> >
> > Olivier
> >
>
> --
> .../ray\..
>