none
Can I override the security settings for a general device class? RRS feed

  • Question

  • I have a functioning driver that controls a Medium Changer class device.  It installs and all functionality is available for all users after installation without a reboot.  However, after a reboot I can only access it if I am "Administrator".  If I attempt to access the device as a standard user (which should be allowed), I get a permission denied error.

    Since I'm not setting any special security rules for the driver, I can only assume that the generic class for Medium Changers is root-only.

    What can I do, either in my installer or after the installation, to prevent Windows 10 from locking the device?


    • Edited by TOLISTim Friday, March 29, 2019 4:43 PM
    Friday, March 29, 2019 4:42 PM

All replies

  • Can someone in the know at least point me towards documentation on this?  The general security docs don't apply here that I can determine.


    • Edited by TOLISTim Monday, April 8, 2019 6:41 PM Spelling
    Monday, April 8, 2019 6:41 PM
  • I suspect that you're correct, and the class driver is putting an ACL on the device object (you can examine the ACL using WinObj, from Sysinternals). You may be able to overwrite the ACL from your INF file, as described here

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, April 8, 2019 7:51 PM
    Moderator
  • Brian - thank you very much for these tips.

    I've opened WinObj and checked the generic MediumChangerDevice0 and changer0 entries and the strange thing is that they are both marked as Special for both Administrator and Backup Operations groups with Allow and all further flags set.  I would expect that this would allow a user in either group to access the device.  However, I'm getting INVALID_HANDLE_VALUE with errno 13 as the result from the call to CreateFile to get the handle.

    I'll keep digging, but this is a great start.

    Tim

    Monday, April 8, 2019 8:23 PM
  • Error number 13 is ERROR_INVALID_DATA. You might search the changer docs for that error

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, April 8, 2019 8:41 PM
    Moderator