Re: Rights for UpdDrvFPlugnPlayDevices

Re: Rights for UpdDrvFPlugnPlayDevices: Posted by Pavel A. on August 10th, 2003; "Alex Pranke" <anuofgod@hotmail.com> wrote in message
news:07a601c35d9d$13456730$a601280a@phx.gbl...
These functions cannot require admin rigths. Even non-admin users can open
device manager, remember?
NewDev probably does explicit test if the user belongs to local admin group
(and, of course you can't get around this).

- PA; Posted by Alex Pranke on August 11th, 2003; Sorry, but you are terribly wrong, maybe because you
didn't understand my question.

To install or call a device installation program you need
administrator rights. Why are they called Administrators
then?
I don't want to list devices, I want to run the installer.
If you check MSDN for SetupDiSetDeviceRegistryProperty

http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/install/hh/install/di-rtns_18c2.asp

it will say:
The caller of this function must be a member of the
Administrators group.

Try it yourself and you will see: Access is denied.

Thanks anyway.
Cheers, Alex; Posted by Alex Pranke on August 11th, 2003; Actually, I'm not elevating the user rights, I'm actually
re-adjusting his Token Privileges as an administrator for
my application's thread only, but for that the
domain,username and password for the administrator must be
provided, it doesn't do it 'magically'...
That's why there is no security issue.
Thanks,
A.

us/devio/base/setupdisetdeviceregistryproperty.asp ); Posted by Pavel A. on August 11th, 2003; Well I apologize. Some of these calls are explicitly documented as "for
admins only"
(btw, in the SDK docum for SetupDiSetDeviceRegistryProperty, there is no
such note
http://msdn.microsoft.com/library/de...ryproperty.asp )

But anyway, isn't what you're doing, attempt to override the security model?
Certain feature is available only to members of admin group.
You don't like it - security and convenience are mutually exclusive.
Can you break it? May be. If you success, there will be just another
security hole to patch...
But in no (documented) way you can change group membership of a user by
upgrading user rights.

I've heard about beta of a new install toolkit which allow installing
combination of apps and drivers.
May be it will allow unattended installation of drivers in "elevated"
context, like the installer service does for apps.

Good luck,
- PA

"Alex Pranke" <anuofgod@hotmail.com> wrote in message
news:05b701c35ff2$6b559100$a301280a@phx.gbl...; Posted by Alexander Grigoriev on August 11th, 2003; There is another privilege which allows to install devices. You can grant
the privilege to some user or user group, in the system security policy.

"Alex Pranke" <anuofgod@hotmail.com> wrote in message
news:07c201c36010$f480c990$a301280a@phx.gbl...; Posted by Alex Pranke on August 11th, 2003; Sorry, I can't find it.
Can you tell me its exact location?
Thanks.; Posted by Pavel A. on August 11th, 2003; Probably Alexander means "Load and unload device drivers" in the LSP.

--PA

"Alex Pranke" <anuofgod@hotmail.com> wrote in message
news:085f01c36017$200504e0$a301280a@phx.gbl...

Similar Posts

Where are my rights??? (Security & Administration) by Daddy0
Administrator rights (Security & Administration) by Scott Burke
Re: administrator rights (Computers & Technology) by DC
Re: ADMINISTRATOR RIGHTS (Computers & Technology) by Use.Netuser.de
WHAT ARE OUR RIGHTS? (Graphics & Designing) by Gauthier Design