Rights

Hi,
“Starting with Windows NT 4.0 Service Pack 4 and beyond (including Windows 2000), there are new access requirements for SCSI pass through requests.
Only members of the administrator’s group have the correct authority to send SCSI pass through requests.”

Is there a workaround for users who are not in the admin group?

Bogdan


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I sure hope not.
A CDB could be sent to any device and told to low-level format the drive even
while it’s in use.
SPTI is a powerful tool, dangerous in the wrong hands and having only admins able
to use it is the bare minimum of precautionary steps.

Regards,

Paul Bunn, UltraBac.com, 425-644-6000
Microsoft MVP - WindowsNT/2000
http://www.ultrabac.com

-----Original Message-----
From: Bogdan Coroi [mailto:xxxxx@cadsoft.ro]
Sent: Wednesday, March 07, 2001 7:56 AM
To: NT Developers Interest List
Subject: [ntdev] Rights

Hi,
“Starting with Windows NT 4.0 Service Pack 4 and beyond (including Windows 2000),
there are new access requirements for SCSI pass through requests.
Only members of the administrator’s group have the correct authority to send SCSI
pass through requests.”

Is there a workaround for users who are not in the admin group?



> I sure hope not.
> A CDB could be sent to any device and told to low-level format the drive even
> while it’s in use.
> SPTI is a powerful tool, dangerous in the wrong hands and having only admins able
> to use it is the bare minimum of precautionary steps.

If the kernel-mode driver is loaded for a SCSI LUN, then SCSIPORT will
disable the SPT access to this LUN from \\.\Scsi%d: and will require this
access to go via the class driver (\\.\PhysicalDrive%d if this is a disk).

You cannot use CreateFile("\\.\Scsi0:") to send a CDB to disks. You must
use CreateFile("\\.\PhysicalDrive0").

\\.\Scsi%d: is not protected by the device ACLs and non-admins can use it
even on NT4SP6.
But \\.\PhysicalDrive%d is restricted to admins.

Max
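
Paul's point above, that a single CDB can tell a device to low-level format itself, as an added example that is not part of the thread: a check that classifies a CDB by opcode and length before it is passed through, accepting only a short list of opcodes that report device state. The function names and the allow-list are assumptions of this example; the opcode values and group-code lengths are the standard SCSI ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are this example's own, not from any Windows header. */
enum cdb_verdict { CDB_ALLOW = 0, CDB_BAD_LENGTH, CDB_DENY };

/* CDB length implied by the group code (top 3 bits of the opcode).
   Returns 0 for groups 3, 6 and 7 (variable-length or vendor-specific). */
static size_t cdb_expected_len(uint8_t opcode)
{
    switch (opcode >> 5) {
    case 0:          return 6;
    case 1: case 2:  return 10;
    case 4:          return 16;
    case 5:          return 12;
    default:         return 0;
    }
}

/* Assumed allow-list: commands that only report device state. */
static const uint8_t allowed[] = {
    0x00, /* TEST UNIT READY */
    0x03, /* REQUEST SENSE */
    0x12, /* INQUIRY */
    0x1A, /* MODE SENSE(6) */
    0x25, /* READ CAPACITY(10) */
};

enum cdb_verdict cdb_check(const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len == 0) return CDB_BAD_LENGTH;
    size_t want = cdb_expected_len(cdb[0]);
    if (want == 0)   return CDB_DENY;        /* no fixed length to validate */
    if (want != len) return CDB_BAD_LENGTH;  /* truncated or padded CDB */
    for (size_t i = 0; i < sizeof allowed; i++)
        if (allowed[i] == cdb[0])
            return CDB_ALLOW;
    return CDB_DENY;             /* e.g. 0x04 FORMAT UNIT, 0x2A WRITE(10) */
}

int main(void)
{
    const uint8_t inquiry[6] = { 0x12, 0, 0, 0, 36, 0 };  /* constructed sample */
    const uint8_t format[6]  = { 0x04, 0, 0, 0, 0, 0 };   /* constructed sample */
    printf("INQUIRY: %d\n", (int)cdb_check(inquiry, sizeof inquiry));
    printf("FORMAT UNIT: %d\n", (int)cdb_check(format, sizeof format));
    return 0;
}
```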

