Solved

Drive access rigths

Posted on 2004-10-19
7
225 Views
Last Modified: 2013-12-04
Hello windows security experts!

I'm working in a application that must access to a drive, but:

- only administration has permission to access the drive
- most of the users of the application don't have administration profile
- so, it's necessary to unblock the drive, copy the files again and block again it

I wonder if is possible to write a C or C++ program to unblock the drive, even if the program is executed by the normal user that doesn't has persmision to read the drive.

I supose that there is a command like UNIX 'sudo' or something like that, to perform this action. I have been looking a solution using  the 'DeviceIoControl' command, but I think I'm missing somethig because the application can't control a device if it has no rigths to do it (becouse of the profile).

The process could be like that:

1) get rigths to control a device
2) unblock
3) copy files
4) block
5) cancel rights

Any suggestion or code piece?

Thanks!!
0
Comment
Question by:elrichal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:msice
ID: 12349512
I think the only way you could do this is if you coded the admin username and password to perform the unblock and relock of the drive. You could use Net command for this sounds sketchy to me.
0
 
LVL 2

Expert Comment

by:mahmudaq
ID: 12354606
An ordinary user ( not an administrator) cannot change drive permissions/rights. However, a user with administrator privileges can change permissions by first taking ownership of the drive.

Its important to understand the difference here - you can have a user who is NOT the Administrator but is included in the Admninistrators Group - so has admin rights to take ownership.

On the other hand, a user who is not in the Administrators group cannot do this on standard NTFS security.
0
 

Author Comment

by:elrichal
ID: 12355499
Thanks mahmudaq, that's what I have try to write down in my question but my english is too bad I guess.

As far as I know in UNIX systems any user can execute 'Administration' comands using a special command named 'sudo'. You have to identify your self as the user with permissions and type the command you have to run.

I wonder if there is any way to do that in Windows to avoid the problem that the current user don't have as much permissions as a Administrator user.

Thanks.

Ricardo
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 2

Accepted Solution

by:
mahmudaq earned 125 total points
ID: 12356295
such a command does exist on Windows 2000 and XP: RUNAS

type runas on the console prompt and you'll get a message displayed regarding its usage.

you can also look up its documentation in Windows Help.
0
 
LVL 7

Expert Comment

by:msice
ID: 12359166
You can use the Net command for this and pass the Admins username and password.
0
 

Author Comment

by:elrichal
ID: 12369265
RUNAS ... that's what I was looking for ... thanks mahmudaq!

I will accept your answer but If you can provide any example, hint or advice of how and how not to use the command I can give you a higher grade. :) (125 points deserve this, don't you think?)

Thanks.
0
 
LVL 2

Expert Comment

by:mahmudaq
ID: 12377491
heres a hint - the rest is up to you - i cant give you the entire solution ...

u can use the WinExec("DOS COMMAND",0) function in a Win32 Console App using Visual C++ to execute DOS commands from a C++ app.

as far as points and grade are concerned - just keep the grading fair coz id rather not get a grade at all than get a bad grade ...
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question