Hi,
I have came into the same problem described in this history e-mail (from the
history of this mailing list) but the solution proposed here by Michal
Vodicka is not acceptable as WHQL will not allow use of other APIs but only
NDIS. Does anybody knows about a better solution? Thanks!
Roman.
Author: "Michal Vodicka
Subject: RE: NdisMRegisterDevice & non-administrative access
Body: I had similar problem several years before and changed security
decriptor
for device created using NdisMRegisterDevice. All info you need is here:
http:
Maybe there is a new way for XP, I vaguely remember to see some new APIs
regarding device security.
Best regards,
Michal Vodicka
> Reply To: xxxxx@lists.osr.com mailto:xxxxx
> Sent: Tuesday, January 14, 2003 11:49 PM
> To: xxxxx@lists.osr.com mailto:xxxxx
> Subject: [ntdev] NdisMRegisterDevice & non-administrative access
>
> Hi,
>
> I’ve been out of the loop for a while as far as kernel development
> goes, so
> I may have missed something, but I’ve recently begun attempting to figure
> out how to adjust the access rights to a device object created by
> NdisMRegisterDevice. Apparently NdisMRegisterDevice returns a device
> object
> of type FILE_DEVICE_NETWORK (as it should). However,
> FILE_DEVICE_NETWORK’s
> default security level prohibits non-administrative users from
> communicating
> with the device object (CreateFile/DeviceIoControl). I believe the
> solution
> lies in changing the security descriptor on the device object to one that
> allows for GENERIC_ALL from both administrative and non-administrative
> users. The problem with this solution is that ntddk.h seems to suggest
> that
> I ought not touch the SecurityDescriptor attribute of the DEVICE_OBJECT.
> One thing I attempted to try (just randomly) was changing the devices type
> to FILE_DEVICE_UNKNOWN after calling NdisMRegisterDevice to create it.
> This, of course, had no affect.
>
> So to summarize: I’m looking for a way to modify a device object
> returned
> from NdisMRegisterDevice in such a way that non-administrators have the
> same
> rights as administrators.
>
> Thanks for the help,
>
> Matt Miller
> xxxxx@positivenetworks.net mailto:xxxxx
>
>
>
> —
> You are currently subscribed to ntdev as: michal.vodicka@st.com
mailto:michal.vodicka
> To unsubscribe send a blank email to xxxxx@lists.osr.com
mailto:xxxxx</mailto:xxxxx></mailto:michal.vodicka></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></http:>