how to make my driver-created device accessible without privileged permission

Hi all,

I have built a NDIS protocol driver which created a device named NDIS-SAMPLE.

Unfortunately, this device is only accessible (Open, Close, Ioctl, Read and Write operations) by Admin permission.

How can this device be accessible by normal users?

Any suggestions are welcome!

How exactly do you create the device? Unfortunately, I’m not much into the driver development, but I’ve seen a similar issue in one driver, and it was fixed by replacing the IoCreateDevice() call with IoCreateDeviceSecure() and an appropriate SDDL string, defining the permissions.

@CaptainFlint said:
How exactly do you create the device? Unfortunately, I’m not much into the driver development, but I’ve seen a similar issue in one driver, and it was fixed by replacing the IoCreateDevice() call with IoCreateDeviceSecure() and an appropriate SDDL string, defining the permissions.

Hi CaptainFlint, I create the device by using IoCreateDevice() function

Well, MSDN says:

IoCreateDevice can only be used to create an unnamed device object, or a named device object for which a security descriptor is set by an INF file. Otherwise, drivers must use IoCreateDeviceSecure to create named device objects.

I guess, you need to follow one of these two ways to apply the proper permissions.