You can use the INF which installs the com port driver to specify the
ACL you want. See the “INF AddReg Directive” section in the WDK,
specifically the Security value:
Security
A Security entry specifies a security descriptor for the device. The
security-descriptor-string is a string with tokens to indicate the DACL
(D:) security component. See Platform SDK documentation for information
about the format of security descriptor strings. A class-installer INF
can specify a security descriptor for a device class. A device INF can
specify a security descriptor for an individual device, overriding the
security for the class. If the class and/or device INF specifies a
security-descriptor-string, the PnP manager propagates the descriptor to
all the device objects for a device, including the FDO, filter DOs, and
the PDO.
Any current access checks are inherit in the OS, not KMDF. We don’t do
anything other then call IoCreateDevice. Before you try the INF
directive (which would require a reinstall), are you giving your FDO an
explicit name? perhaps try an anon FDO and see if that changes anything
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@silabs.com
Sent: Wednesday, June 20, 2007 3:51 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] User Access Control with Virtual COM Ports
I am currently working on a WDF driver for a USB Virtual COM port
device. The driver itself is working well and is passing all of my data
integrity and COM API testing as well as the DTMs.
When I run my test applications however, they need to be run in elevated
mode (right click and Run As Administrator) or the CreateFile on the
virtual COM port will return a 5, Access Denied.
There is an existing driver that can currently be used with the USB
device that doesn’t require the elevation and is written using WDM
instead. I don’t have access to that source however.
Is there a way in the INF or at device creation process that will
eliminate the need to “run as an administrator” when accessing the
virtual port, or is this something that is just inherent? It seems like
there is some way around it since I have an existing driver that doesn’t
require it, but could this be due to the WDM/WDF differences? Any info
on this would help; I am OK with this as most of Vista contains these
quirks, but customers will probably not feel the same.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer