privileges on program installing a device

Hi all.

I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
install a device file-system on a pc. I would that the program could be
started as standard user on Vista, and then, if needed, it ask to user to
grant the authorization to do the needed things. How can I do?

Thank you.

As witten in the other newsgroup:

Looking at http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
Vista, but because I was using a Windows Xp platform to develop my
application, the privilege is not present.


"Roberto Agostino" <> ha scritto nel messaggio
news:...
> Hi all.
>
> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
> install a device file-system on a pc. I would that the program could be
> started as standard user on Vista, and then, if needed, it ask to user to
> grant the authorization to do the needed things. How can I do?
>
> Thank you.
>
>

What is this "device file-system"?
Windows is not Linux.
-- pa

"Roberto Agostino" <> wrote in message
news:#...
> As witten in the other newsgroup:
>
> Looking at http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
> I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
> Vista, but because I was using a Windows Xp platform to develop my
> application, the privilege is not present.
>
>
> "Roberto Agostino" <> ha scritto nel messaggio
> news:...
>> Hi all.
>>
>> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
>> install a device file-system on a pc. I would that the program could be
>> started as standard user on Vista, and then, if needed, it ask to user to
>> grant the authorization to do the needed things. How can I do?
>>
>> Thank you.
>>
>>
>
>

Sorry!
I did not want to mix up.
What is the more appropriate generic term for a ramdisk, a memory virtual
disk?

"Pavel A." <> ha scritto nel messaggio
news:...
> What is this "device file-system"?
> Windows is not Linux.
> -- pa
>
> "Roberto Agostino" <> wrote in message
> news:#...
>> As witten in the other newsgroup:
>>
>> Looking at http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
>> I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
>> Vista, but because I was using a Windows Xp platform to develop my
>> application, the privilege is not present.
>>
>>
>> "Roberto Agostino" <> ha scritto nel messaggio
>> news:...
>>> Hi all.
>>>
>>> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
>>> install a device file-system on a pc. I would that the program could be
>>> started as standard user on Vista, and then, if needed, it ask to user
>>> to grant the authorization to do the needed things. How can I do?
>>>
>>> Thank you.
>>>
>>>
>>
>>

"Roberto Agostino" <> wrote in message
news:...
> Sorry!
> I did not want to mix up.
> What is the more appropriate generic term for a ramdisk, a memory virtual
> disk?

Maybe, just a "virtual disk".

If you need to enable a privilege in runtime, see this
http://msdn.microsoft.com/en-us/libr...19(VS.85).aspx
or look for other examples for AdjustTokenPrivileges.


Regards,
-- pa

> "Pavel A." <> ha scritto nel messaggio
> news:...
>> What is this "device file-system"?
>> Windows is not Linux.
>> -- pa
>>
>> "Roberto Agostino" <> wrote in message
>> news:#...
>>> As witten in the other newsgroup:
>>>
>>> Looking at
>>> http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
>>> I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
>>> Vista, but because I was using a Windows Xp platform to develop my
>>> application, the privilege is not present.
>>>
>>>
>>> "Roberto Agostino" <> ha scritto nel messaggio
>>> news:...
>>>> Hi all.
>>>>
>>>> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
>>>> install a device file-system on a pc. I would that the program could be
>>>> started as standard user on Vista, and then, if needed, it ask to user
>>>> to grant the authorization to do the needed things. How can I do?
>>>>
>>>> Thank you.
>>>>

A ramdisk is a "virtual disk" but so are other drivers such as OSR's
recently published driver that mounts disk images and iso files. I prefer
to use "ramdisk" only for those that use volatile memory to simulate a disk
drive and "virtual disk" for those with a permanent store.

"Pavel A." <> wrote in message
news:...
> "Roberto Agostino" <> wrote in message
> news:...
>> Sorry!
>> I did not want to mix up.
>> What is the more appropriate generic term for a ramdisk, a memory virtual
>> disk?
>
> Maybe, just a "virtual disk".
>
> If you need to enable a privilege in runtime, see this
> http://msdn.microsoft.com/en-us/libr...19(VS.85).aspx
> or look for other examples for AdjustTokenPrivileges.
>
>
> Regards,
> -- pa
>
>> "Pavel A." <> ha scritto nel messaggio
>> news:...
>>> What is this "device file-system"?
>>> Windows is not Linux.
>>> -- pa
>>>
>>> "Roberto Agostino" <> wrote in message
>>> news:#...
>>>> As witten in the other newsgroup:
>>>>
>>>> Looking at
>>>> http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
>>>> I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
>>>> Vista, but because I was using a Windows Xp platform to develop my
>>>> application, the privilege is not present.
>>>>
>>>>
>>>> "Roberto Agostino" <> ha scritto nel messaggio
>>>> news:...
>>>>> Hi all.
>>>>>
>>>>> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
>>>>> install a device file-system on a pc. I would that the program could
>>>>> be started as standard user on Vista, and then, if needed, it ask to
>>>>> user to grant the authorization to do the needed things. How can I do?
>>>>>
>>>>> Thank you.
>>>>>
>
>

> or look for other examples for AdjustTokenPrivileges.

Just never ever do "disable all privileges" thing.

It also disables the traverse checking privilege, which ruins Win32 - the new processes with lack of such privilege cannot connect to CSRSS's API port and thus cannot start - the DllMain of kernel32.dll fails.

This was observed on XP with Fast User Switching on.

If you do AdjustTokenPrivileges in Explorer-loaded DLL, then you turn it off for the whole Explorer and thus for all new processes.

I think this was MS's error to provide the "disable all privileges" feature in AdjustTokenPrivileges, since some of them are mandatory for Win32 to work.

--
Maxim S. Shatskih
Windows DDK MVP

http://www.storagecraft.com

Thanks for your explanation.

Roberto


"Pavel A." <> ha scritto nel messaggio
news:...
> "Roberto Agostino" <> wrote in message
> news:...
>> Sorry!
>> I did not want to mix up.
>> What is the more appropriate generic term for a ramdisk, a memory virtual
>> disk?
>
> Maybe, just a "virtual disk".
>
> If you need to enable a privilege in runtime, see this
> http://msdn.microsoft.com/en-us/libr...19(VS.85).aspx
> or look for other examples for AdjustTokenPrivileges.
>
>
> Regards,
> -- pa
>
>> "Pavel A." <> ha scritto nel messaggio
>> news:...
>>> What is this "device file-system"?
>>> Windows is not Linux.
>>> -- pa
>>>
>>> "Roberto Agostino" <> wrote in message
>>> news:#...
>>>> As witten in the other newsgroup:
>>>>
>>>> Looking at
>>>> http://msdn.microsoft.com/en-us/libr...(PROT.13).aspx
>>>> I found that SE_CREATE_SYMBOLIC_LINK_NAME is a privilege introduced in
>>>> Vista, but because I was using a Windows Xp platform to develop my
>>>> application, the privilege is not present.
>>>>
>>>>
>>>> "Roberto Agostino" <> ha scritto nel messaggio
>>>> news:...
>>>>> Hi all.
>>>>>
>>>>> I want enable the SE_CREATE_SYMBOLIC_LINK_NAME to a process-token that
>>>>> install a device file-system on a pc. I would that the program could
>>>>> be started as standard user on Vista, and then, if needed, it ask to
>>>>> user to grant the authorization to do the needed things. How can I do?
>>>>>
>>>>> Thank you.
>>>>>
>
>