Hello,
This is due to the permissions on ?? object
directory.
All the dosdevices such as C:, D: etc. are created as
symbolic links under this object directory.
Windows NT/2000 protects operating system base objects
like
?? to tighten up the security. This protection is
controlled by a registry value called “ProtectionMode”
under HKLM\SYSTEM\CurrentControlSet\Control\Session
Manager
registry key.
Check out the following for more details.
http://support.microsoft.com/support/kb/articles/Q244/9/95.ASP
http://support.microsoft.com/support/kb/articles/Q222/1/59.ASP
http://msdn.microsoft.com/library/winresource/dnwinnt/S87D1.HTM
By default, on Windows 2000, this registry value is
set to 1
and on Windows NT 4.0, this is set to 0. Hence
ordinary user
does not have write access on ?? under Windows 2000
whereas
on NT 4.0, ordinary user has write access on ??.
Now, DefineDosDevice call is implemented by CSRSS
process. Since,
CSRSS process runs in system context, it has
permissions to add
objects under ??. However while removing/updating the
the DOS
device, CSRSS impersonates the client and hence fails
to
delete/update the symbolic link under ??.
The problem you are facing will happen with substed
drives
as well. e.g. You can subst a drive from ordinary user
account
however you can not delete that drive.
Also, if you set ProtectionMode to 1 on NT 4.0
machine, you
will face the problem on NT 4.0 as well.
Hope this helps.
-Prasad
— Qasim Zuhair wrote:
>
>
> Hello,
>
> I am having a problem under windows 2000 with my
> file system driver/network
> redirector. I do not see this problem under Windows
> NT. The redirector
> allows users map network drives to a specific type
> of file system on remote
> hosts. When connecting a drive, I assign a symbolic
> name/MS_DOS name to the
> NT device name
> in my network provider DLL as follows:
>
> DefineDosDevice (DDD_RAW_TARGET_PATH,
> pszDosDeviceName, pszNtDeviceName);
>
> Then, when the user disconnects the drive, I am
> removing the symbolic
> link/MS-DOS device name as follows:
>
> DefineDosDevice (DDD_RAW_TARGET_PATH|
> DDD_REMOVE_DEFINITION|
> DDD_EXACT_MATCH_ON_REMOVE, pszDosDeviceName,
> pszNtDeviceName);
> This works fine under Windows NT. It also works
> under Windows 2000 if I
> logon as an “Administrator”. However, if I logon as
> a “User” , then my
> network provider DLL fails to remove the symbolic
> link when the drive is to
> be disconnected. The errro message displayed is:
> “Access is denied”
> What am I doing wrong? Why is the symbolic name not
> removed for a “User”?
> Thanks
> Qasim
>
>
>
>
>
>
>
> —
> You are currently subscribed to ntfsd as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> $subst(‘Email.Unsub’)
>
> .
> to $subst(‘Email.Unsub’)
>
> .
>
=====
Prasad S. Dabak
Director of Engineering, Windows NT/2000 Division
Cybermedia Software Private Limited
http://www.cybermedia.co.in
Co-author of the book “Undocumented Windows NT”
ISBN 0764545698
__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.
http://shopping.yahoo.com/