[Q] DIFx tools to install drivers by non-admin users

Discussion in 'Windows Vista Drivers' started by Gramps, Aug 13, 2004.

  1. Gramps

    Gramps Guest


    Can these new tools be used to install drivers by users with
    non-administrative rights? I'm guessing the answer is no.
    Gramps, Aug 13, 2004
  2. Your guess is correct. You need write access to a part of the registry
    that unprivileged users don't have, and you need a special privilege to
    start and stop drivers. Outside of that (or a helper service running as
    administrator), non-administrative users cannot install drivers.

    Steve Dispensa [MVP], Aug 13, 2004
  3. Gramps

    Gramps Guest

    Can you gibe me more information regarding the "helper service running as
    administrator"? What API is available for this?
    Gramps, Aug 13, 2004
  4. That would be RunAs which will allow you to login as Adimin and return you
    to your original login on task completion.

    The personal opinion of
    Gary G. Little

    Gary G. Little, Aug 13, 2004
  5. You can, of course, also write your own service. This is fairly
    standard fare; look at the PSDK for guidance and sample code. When it
    is installed, it should be set to run as administrator.

    BEWARE- you are *begging* for a privilege escalation attack here! You
    *must* be careful how you do things. Think about signing installers
    with a special private key, etc. In fact, don't try this without an
    experienced security person handy - your customers will hate you if you
    install yet another attack vector onto their boxes.

    Steve Dispensa [MVP], Aug 13, 2004
  6. Gramps

    Pavel A. Guest

    Since DifX works in the MSI framework, maybe you can use the
    same way of executing under admin rights that is provided by MSI?

    ( I haven't used it yet, would be great if somebody from DifX team
    can comment on this )
    Pavel A., Aug 14, 2004
