Vista Tutorial - Vista Non-admin problem

Hi all,
The process doesn't have admin rights to open Registry Key,
CreateFile, etc .... That is If i accesses any admin privileged
resource that will be failed in vista(Even if the account type is
administrator or standard user).
Am using CreateFile. Its failed on TAP device,
\\.\Global\{..}.tap: Access is denied. Do we need to set any specific
Security policy for resolving this issue? Tried some of them under user
control. But everything ends in failure. Can anyone help on this?
Thanks.


--
vista
------------------------------------------------------------------------
vista's Profile: http://forums.techarena.in/member.php?userid=30845
View this thread: http://forums.techarena.in/showthread.php?t=815553

http://forums.techarena.in

Problem is we are getting the "Access is denied" error when we try to
access the TAP device using CreateFile() function.

Following are the various configuration changes we tried in Vista
Business trial version to fix this CR.
But everything ends in failure.

1. Tried the following Group Policy option in Vista
Click Start, type gpedit.msc in the Search box, and press ENTER
Go to the following branch:
User Configuration | Administrative Templates | System

Double-click Prevent access to registry editing tools
Set it as Not Configured
This option didnt helped.
2. Tried the following Security Policy options in Vista

-> Enabled UAC to Run all administrators in admin approval mode and


-> Network access for remotely accessing registry path and
subpaths.

Both options didnt helped.

3. Used third party utility(SubInACL) to add administrator permissions
to every key in the registry from the link:
http://www.microsoft.com/technet/tec...s/2006/11/UAC/
This is failed as we are not able to set the registry permissions using
this utility procedures.
4. "Removable Storage Devices and Win Vista support" document provided
by Microsoft Support.

It was mentioned in that document that,
"Application such as CD-burning applications or video games that use
SCSI pass-through requests to send commands to devices require Full
access to the storage device driver’s interface. However, such requests
require elevated privileges to send commands to the drive, and in
Windows Vista, the user is not granted elevated privileges by default,
even if the user is a member of the Administrator group. Therefore,
applications that assume that the access permissions for device access
will be the same as the logged-on user’s permissions might break if an
operation requires elevated privileges. Such an application would fail
to open a handle to the storage device driver interface, and therefore
the application would fail to work in Windows Vista.
Important: It is not necessary to change these applications to be "UAC
aware" and prompt the user for elevation of privileges for specific
operations. Such a change would break application compatibility between
Windows Vista and earlier versions of the Windows operating system.
Instead, Windows Vista grants higher privileges by default to the
Interactive User (IU) group for CD and DVD drives that have the
Removable property set. This default allows applications to open a
handle to removable media drives for sending SCSI pass-through requests
without prompting the user for elevation of privileges."

But we are not able to set REMOVABLE property for our TAP device, so
that VISTA will grant access for that.
5. Changed the user permission in registry path as follow: i) Open
regedit and go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class
ii) Right click on the key to want to change and choose Permissions
from the menu.
iii) Click on the Advanced button and go to the Owner tab
iv) Change the owner to the local machine's Administrators group,
checking the Replace owner on subcontainers and objects box.
v) Click on the OK buttons until the initial Permissions dialog has
disappeared.
We now have permission to view/edit the registry entries. If we are not
a member of the Administrators group, then we need to add the user
account to the list of accounts who can access that registry key.

Once the above procedure was tried out, we are able to access the
registry properly but still NetDirect failed due to CreateFile()
function for TAP device.

Can anyone please help on this?


--
vista
------------------------------------------------------------------------
vista's Profile: http://forums.techarena.in/member.php?userid=30845
View this thread: http://forums.techarena.in/showthread.php?t=815553

http://forums.techarena.in

Hi all,
why Vista has two user types? When we select "Administrator" user
type, there are some paths and registry not accessable by them. Since
description of that user type said its "a user with admin rights". Then
how can we enable full access to them? Is there anyway to do that? And
also the created admin user don't know the actual admin credentials,
username and passwd. Thanks in advance.


--
vista
------------------------------------------------------------------------
vista's Profile: http://forums.techarena.in/member.php?userid=30845
View this thread: http://forums.techarena.in/showthread.php?t=815553

http://forums.techarena.in

"vista" wrote:
Try using the information in my post 'Problematic Updates in Windows Vista',
also in this newsgroup, to activate the main Administrator account and see if
you can solve your problem using this account. Do not use this account any
more than you need to - when you have finished using it, it is probably safer
to disable it again.

Hi,

Thanks for your help. My application is automatically invoked by
CreateProcess(). Is this right to place the below manifest file in the
application executable folder.

My exe : sample.exe
Manifest file name : sample.exe.manifest



Manifest file contents:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn: schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="sample.exe"
type="win32"/>
<description> Sample Exe Description</description>

<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn: schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Will Vista pick it up automatically when i call my application .exe?
Will this manifest file work for both user types, 'Standard user' and
'Administrator'? Do we need to do any specific changes in this file
content?


--
vista
------------------------------------------------------------------------
vista's Profile: http://forums.techarena.in/member.php?userid=30845
View this thread: http://forums.techarena.in/showthread.php?t=815553

http://forums.techarena.in