Hi Peter,
Sorry to be so troublesome, but I cannot seem to get the driver accessible from anyone but when an application is “Run as Administrator”. If I create
a shortcut to a test application, Right click and Run as Admin, all is well. But if I double click on the test app, the driver open fails with Access
Denied. I carefully read the article on OSR and I believe that I am setting the security correctly, but obviously I’m not. I am using the string
HKR,Security,“D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGW;;;WD)(A;;GR;;;RC)”
It’s in my AddClassReg referenced by [ClassIntall32].
Also, I tried using WinObj to see what the actual security settings were but didn’t have much luck. When I go to my driver, right click and select
properties, it says “Error opening mydevice. Access is denied.”. If I push the button that says “Run as Administrator” I get the usual warning, and
can see the permissions. Permissions look like “SYSTEM” and “ADMINISTRATORS” can Read, Write and Delete. What am I missing?
Thanks for any help/insight! -Michael
On Wed, 2 Feb 2011 22:07:01 -0500 (EST), xxxxx@osr.com wrote:
(sorry to follow-up my own post)
No, the KMDF default protection which is "D:P(A;;GA;;;SY)(A;;GA;;;BA)" (i.e. SDDL_DEVOBJ_SYS_ALL_ADM_ALL), which causes no END of grief to the unsuspecting. We had a client who spent 3 weeks pulling their hair out trying to get their driver to work before we could “talk them down” enough to LISTEN to us and get them to change the default ACL. The KMDF default is certainly annoying, it’s different from what WDM provides, and it’s not what I would have done… but it IS “secure by default.”
One final tip: When you cut/paste the SDDL strings into your INF file, don’t mistakenly cut/paste any “smart quotation marks” (like the ones around that phrase) with it that may appear in documentation or on some web page. I had a VERY experienced buddy do that recently, and it took him a while to figure out why his INF file didn’t work.
Peter
OSR
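An added example, not part of the original thread: a small checker that flags typographic quotes in an INF `Security` entry and decodes the DACL of a correctly quoted one, so the granted rights can be read per trustee. The sample INF fragment is constructed, the function names are hypothetical, and the `HKR,,Security,,"..."` layout and two-letter rights codes are assumptions.

```python
import re
SMART_QUOTES = "\u201c\u201d\u201e\u201f\u2018\u2019"  # curly quotes pasted from docs/web pages
# SID and rights abbreviations that appear in the SDDL strings in this thread
SIDS = {"SY": "Local System", "BA": "Built-in Administrators",
        "WD": "Everyone", "RC": "Restricted Code"}
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ",
          "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE"}

def parse_dacl(sddl):
    """Return [(ace_type, [rights], trustee)] for a DACL-only SDDL string."""
    if not sddl.startswith("D:"):
        raise ValueError("expected a DACL (D:) string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", sddl):
        # An ACE has six ';'-separated fields; unpacking raises ValueError otherwise
        ace_type, _flags, rights, _obj, _inherit, sid = body.split(";")
        # Assumption: rights are two-letter codes, as in the thread's strings
        names = [RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
                 for i in range(0, len(rights), 2)]
        aces.append((ace_type, names, SIDS.get(sid, sid)))
    return aces

def check_inf(text):
    """Return (line_no, status, detail) for each Security registry entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = [f.strip() for f in line.split(",")]
        keys = [f.lower() for f in fields[:-1]]
        if line.lstrip().startswith(";") or "security" not in keys:
            continue
        value = fields[-1]  # SDDL contains no commas, so it is the last field
        bad = sorted(c for c in set(value) if c in SMART_QUOTES)
        if bad:
            findings.append((n, "smart-quote", bad))
        elif len(value) >= 2 and value[0] == value[-1] == '"':
            findings.append((n, "ok", parse_dacl(value[1:-1])))
        else:
            findings.append((n, "unquoted", value))
    return findings

# Constructed sample INF fragment; the second entry was pasted with curly quotes
SAMPLE_INF = '''[ClassInstall32]
AddReg = SampleClassReg
[SampleClassReg]
HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGW;;;WD)(A;;GR;;;RC)"
HKR,,Security,,\u201cD:P(A;;GA;;;SY)(A;;GA;;;BA)\u201d
'''

if __name__ == "__main__":
    print(check_inf(SAMPLE_INF))
```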