First, they are not considered to be of the same user as explorer for the purposes of COM, so you can't connect to a COM server running in such a process. But in the July CTP version of the SDK, TokenIntegrityLevelDesktop has disappeared.įurthermore, it turns out that processes with a token manipulated by SAFER and SetTokenInformation behave strangely in a number of ways. And still further note that under Beta 2, it is insufficient to set TokenIntegrityLevel - one must also set TokenIntegrityLevelDesktop (with SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED_DESKTOP). And also note that when setting TokenIntegrityLevel, should probably be set to SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED, not just SE_GROUP_INTEGRITY. Also note that, as christophilus discovered above, setting TokenVirtualizationAllowed to TRUE does not even work via SetTokenInformation (at least in Beta 2). TokenLinkedToken, TokenHasRestrictions, TokenAccessInformation, and TokenMandatoryPolicy) whose meaning I do not understand and which I did not even try checking, so I do not know if SAFER dealt with them. Please note that there are several more new token information types (e.g. Indeed it is true that SAFER does not (at least in Vista Beta 2) set the TokenIntegrityLevel to the medium SID, nor TokenVirtualizationAllowed to TRUE, nor even TokenElevationType (whatever its effect is.) to TokenElevationTypeLimited.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |