Mini filters with UAC

We want to load a mini filter from application space via FilterLoad and manually attach it to a drive letter (also from application space) via FilterAttach with UAC enabled.

I have
Security = "D:(A;;RPWPRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
in the .INF file.

I can load the driver manually (via NET START), but FilterLoad fails with 0x80070005.
FilterAttach (with NET START loaded filter) fails also with 0x80070005

If I run my application as Administrator, FilterLoad fails with 0x80070522.

The same filter and application runs fine on XP.

What Security string do I need in the .INF file? What else is needed?

BTW: I did the tests on Vista RC1

Ruediger

After enabling the SeLoadDriverPrivilege, Filter load as Administrator works, but it does not work as User.

BTW: Enabling SeLoadDriverPrivilege works as User
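
For readers auditing a Security string like the one posted above, here is an added example (not code from the thread) that decodes its ACEs and the two HRESULTs reported. It assumes the INF Security entry is applied to the driver's service object, so the two-letter codes are read as service access rights; only two-letter right codes are handled.

```python
import re

# Two-letter SDDL rights, read as service access rights (assumption, see lead-in).
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "AU": "Authenticated Users", "PU": "Power Users", "S-1-2-0": "LOCAL",
}
# Win32 error codes carried by the two HRESULTs reported in the thread.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 1314: "ERROR_PRIVILEGE_NOT_HELD"}

# Security string copied from the post above.
THREAD_SDDL = ("D:(A;;RPWPRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)"
               "(A;;CCLCSWRPWPDTLOCRRC;;;PU)")

def parse_dacl(sddl):
    """Return [(ace_type, trustee, [rights])] for each ACE of a 'D:' SDDL string."""
    if not sddl.startswith("D:"):
        raise ValueError("expected an SDDL string starting with 'D:'")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", sddl):
        fields = body.split(";")
        if len(fields) != 6 or len(fields[2]) % 2:
            raise ValueError("malformed ACE: " + body)
        rights = [SERVICE_RIGHTS.get(c, c) for c in re.findall("..", fields[2])]
        aces.append((fields[0], TRUSTEES.get(fields[5], fields[5]), rights))
    return aces

def trustees_with(sddl, right):
    """Trustees to which an allow ACE grants the given service right."""
    return [t for kind, t, rights in parse_dacl(sddl) if kind == "A" and right in rights]

def win32_from_hresult(hr):
    """Map a FACILITY_WIN32 (7) failure HRESULT to its Win32 error name."""
    if hr >> 31 != 1 or (hr >> 16) & 0x7FF != 7:
        raise ValueError("not a FACILITY_WIN32 failure HRESULT")
    code = hr & 0xFFFF
    return WIN32_ERRORS.get(code, str(code))

if __name__ == "__main__":
    for kind, trustee, rights in parse_dacl(THREAD_SDDL):
        print(kind, trustee, ", ".join(rights))
    print(win32_from_hresult(0x80070005), win32_from_hresult(0x80070522))
```

The decoded DACL shows Authenticated Users without the START right, and 0x80070522 decodes to a missing privilege rather than a DACL denial, which matches the SeLoadDriverPrivilege result reported above.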

xxxxx@rsj.de wrote:

After enabling the SeLoadDriverPrivilege, Filter load as Administrator works, but it does not work as User.

As you would expect - the last thing you want is users being able to
start mucking around in ring 0.

Tony

A little reference material can help you here…

http://www.microsoft.com/downloads/details.aspx?familyid=ba73b169-a648-49af-bc5e-a2eebb74c16b&displaylang=en (document called: WindowsVistaUACDevReqs.doc start around page 31 for the meat of this topic)

I had a similar issue with UAC and from what I read of the MS docs, they would prefer that if you MUST run an administrative task that you try to separate it from your application space that does not require administrative access.

I created a small signed stub application with the manifest configuration requestedExecutionLevel specified for admin rights, then I call this app when I need it to perform my filter load/unload and it will pop up the UAC confirmation box. If they confirm it, it loads, life goes on. (page 36 in the doc)

Having an application constantly pop the UAC confirmation is pretty bad, but then again people who are using UAC and Vista are getting used to spending 50% of their time confirming everything they do anyways. What would be nice is a check box to the UAC for “Trust this every time” so you can ease the pain.