How to limit admin access to files?

OSR_Community_User · November 1, 2006, 1:43am

Hi,

I want to store some files in a dir. And I don’t want any uesers including admin to access to it, while the system can access those files(my program works as system service). How can I do this excepting DACL(DACL does not meet my requirements). Any ideas?

Thanks!

amitr0-2 · November 1, 2006, 3:50am

thre are lots of ways, I am not sure what u are lookng for, some of them
could be…

get the SID of the NT_AUTH account, and let IRPs with those SID of
processes read it.
Uniquely identify ur process and let only IRPS od that process pass and
read all others are denied. There are several ways to do it!

On 11/1/06, headium2006@163.com wrote:
>
> Hi,
>
> I want to store some files in a dir. And I don’t want any uesers including
> admin to access to it, while the system can access those files(my program
> works as system service). How can I do this excepting DACL(DACL does not
> meet my requirements). Any ideas?
>
> Thanks!
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

–

- amitr0

OSR_Community_User · November 1, 2006, 3:21pm

This might mean you don’t want to store your data as a file.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-268506-
xxxxx@lists.osr.com] On Behalf Of headium2006@163.com
Sent: Wednesday, November 01, 2006 07:42
To: Windows File Systems Devs Interest List
Subject: [ntfsd] How to limit admin access to files?

Hi,

I want to store some files in a dir. And I don’t want any uesers
including admin to access to it, while the system can access those
files(my program works as system service). How can I do this excepting
DACL(DACL does not meet my requirements). Any ideas?

Thanks!

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@fausse.info To
unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · November 3, 2006, 4:21am

I just want my driver to store data in those files instead of other processes!

amitr0-2 · November 3, 2006, 4:40am

then just open the file in exclusive asssces mode from the driver!!!

On 11/3/06, headium2006@163.com wrote:
>
> I just want my driver to store data in those files instead of other
> processes!
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

–

- amitr0