EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Mounting Drive for User and Elevated User

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#18350
Posted: 12/01/2011 04:10:32
by Christian Wimmer (Standard support level)
Joined: 11/18/2011
Posts: 16

hi

is there a way to show a mounting point drive only for a specific user who may also be elevated? If I set CBFS_SYMLINK_LOCAL within AddMountingPoint, the drive is not accessible by an elevated User. If I don't set CBFS_SYMLINK_LOCAL, all users on the machine can see the mounting point.
I also cannot call AddMountingPoint each time for different LUIDs (the user and her elevated linked token) because the drive already exists after the first call (Error 183, a file cannot be created if it already exists).

Additional Parameters like CBFS_SYMLINK_MOUNT_MANAGER and CBFS_SYMLINK_SIMPLE don't change anything.

THX
#18352
Posted: 12/01/2011 09:16:30
by Volodymyr Zinin (EldoS Corp.)

Quote
Christian wrote:
I also cannot call AddMountingPoint each time for different LUIDs

It should work in your case. Please specify what is the problem with it?
#18396
Posted: 12/07/2011 10:16:10
by Christian Wimmer (Standard support level)
Joined: 11/18/2011
Posts: 16

The main reason is the following:

Define a local drive that only the current user can see. In this case, it should be possible that another user can mount another drive which she can only see.

However, starting with Vista, UAC creates a duplicate token for users who are members of the administrators group. In such a case, and by default, the logon unique ID is different for those two tokens. And this is the reason, why a user can see the virtual drive without admin privileges but can't access it anymore if she uses an elevated process (like cmd with UAC admin). A problem arises because Setup applications on such a drive cannot be run with UAC because UAC cannot find the drive anymore.
#18403
Posted: 12/07/2011 11:00:53
by Volodymyr Zinin (EldoS Corp.)

Sorry but I didn't understand why the creation of an additional mounting point with elevated logon UID doesn't work for you? I mean after a virtual disk creation and mounting call AddMountingPoint twice with "elevated" and "nonelevated" LUIDs.
#18408
Posted: 12/08/2011 03:09:02
by Christian Wimmer (Standard support level)
Joined: 11/18/2011
Posts: 16

I just checked the problem again, and saw that one of the LUID was incorrect. THX
#18409
Posted: 12/08/2011 03:23:04
by Eugene Mayevski (EldoS Corp.)

So the problem is gone, right?


Sincerely yours
Eugene Mayevski
#18443
Posted: 12/12/2011 04:11:18
by Christian Wimmer (Standard support level)
Joined: 11/18/2011
Posts: 16

Sure, thx.
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 1059 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!