elrichal
asked on
Drive access rigths
Hello windows security experts!
I'm working in a application that must access to a drive, but:
- only administration has permission to access the drive
- most of the users of the application don't have administration profile
- so, it's necessary to unblock the drive, copy the files again and block again it
I wonder if is possible to write a C or C++ program to unblock the drive, even if the program is executed by the normal user that doesn't has persmision to read the drive.
I supose that there is a command like UNIX 'sudo' or something like that, to perform this action. I have been looking a solution using the 'DeviceIoControl' command, but I think I'm missing somethig because the application can't control a device if it has no rigths to do it (becouse of the profile).
The process could be like that:
1) get rigths to control a device
2) unblock
3) copy files
4) block
5) cancel rights
Any suggestion or code piece?
Thanks!!
I'm working in a application that must access to a drive, but:
- only administration has permission to access the drive
- most of the users of the application don't have administration profile
- so, it's necessary to unblock the drive, copy the files again and block again it
I wonder if is possible to write a C or C++ program to unblock the drive, even if the program is executed by the normal user that doesn't has persmision to read the drive.
I supose that there is a command like UNIX 'sudo' or something like that, to perform this action. I have been looking a solution using the 'DeviceIoControl' command, but I think I'm missing somethig because the application can't control a device if it has no rigths to do it (becouse of the profile).
The process could be like that:
1) get rigths to control a device
2) unblock
3) copy files
4) block
5) cancel rights
Any suggestion or code piece?
Thanks!!
I think the only way you could do this is if you coded the admin username and password to perform the unblock and relock of the drive. You could use Net command for this sounds sketchy to me.
An ordinary user ( not an administrator) cannot change drive permissions/rights. However, a user with administrator privileges can change permissions by first taking ownership of the drive.
Its important to understand the difference here - you can have a user who is NOT the Administrator but is included in the Admninistrators Group - so has admin rights to take ownership.
On the other hand, a user who is not in the Administrators group cannot do this on standard NTFS security.
Its important to understand the difference here - you can have a user who is NOT the Administrator but is included in the Admninistrators Group - so has admin rights to take ownership.
On the other hand, a user who is not in the Administrators group cannot do this on standard NTFS security.
ASKER
Thanks mahmudaq, that's what I have try to write down in my question but my english is too bad I guess.
As far as I know in UNIX systems any user can execute 'Administration' comands using a special command named 'sudo'. You have to identify your self as the user with permissions and type the command you have to run.
I wonder if there is any way to do that in Windows to avoid the problem that the current user don't have as much permissions as a Administrator user.
Thanks.
Ricardo
As far as I know in UNIX systems any user can execute 'Administration' comands using a special command named 'sudo'. You have to identify your self as the user with permissions and type the command you have to run.
I wonder if there is any way to do that in Windows to avoid the problem that the current user don't have as much permissions as a Administrator user.
Thanks.
Ricardo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can use the Net command for this and pass the Admins username and password.
ASKER
RUNAS ... that's what I was looking for ... thanks mahmudaq!
I will accept your answer but If you can provide any example, hint or advice of how and how not to use the command I can give you a higher grade. :) (125 points deserve this, don't you think?)
Thanks.
I will accept your answer but If you can provide any example, hint or advice of how and how not to use the command I can give you a higher grade. :) (125 points deserve this, don't you think?)
Thanks.
heres a hint - the rest is up to you - i cant give you the entire solution ...
u can use the WinExec("DOS COMMAND",0) function in a Win32 Console App using Visual C++ to execute DOS commands from a C++ app.
as far as points and grade are concerned - just keep the grading fair coz id rather not get a grade at all than get a bad grade ...
u can use the WinExec("DOS COMMAND",0) function in a Win32 Console App using Visual C++ to execute DOS commands from a C++ app.
as far as points and grade are concerned - just keep the grading fair coz id rather not get a grade at all than get a bad grade ...