I’m filtering NTFS for nt/2k/xp and allow blocking acces to user specified
file types based on file ownership and am having an issue with getting
security descriptors (SD). I call ObGetObjectSecurity and pass in the
fileobject, when I am logged in as an Administator every thing appears to
work just fine. However, when I am logged in as a user I get the error
STATUS_INVALID_PARAMETER.
I am using Inernet Explorer to produce this condition. (I am blocking access
to dlls unless the dll owner is Administrator, all the dlls being tested are
owned by the administrator) When iexplore.exe is accessing(loading) a dll I
check the owner , but on some of the dlls I get the above error ( no SD
returned so it gets blocked), the same dll file object passes through a
second time (retry?) I get the SD and all is well, the rest of the dlls
loaded by iexplore pass through the system properly the first time.
Is there something I am missing? or ???
thanks,
David