
Can an administrator bypass MiniFilters ACCESS_DENIED?

I'm planning to develop a Windows driver using a minifilter to prevent certain file manipulations (such as file access).

I checked this article that provides a good starting point on using this technology.

In the screenshots at the end of that article, any deletion of a protected file asks for administrator privileges. My question is: can a minifilter also prevent file manipulation by an administrator of the system? If this is not the case, is there any way to prevent file manipulation by an administrator?

Many thanks!

A minifilter can still return STATUS_ACCESS_DENIED for an operation performed by an Administrator running with elevated privileges. This will prevent the operation from succeeding. But it's nigh impossible to completely prevent an Administrator from doing something, because they can unload your driver, or override any access controls you create to prevent them from doing so. I would consider it a waste of time to try preventing an Administrator from doing anything.
