[英]Can an administrator bypass MiniFilters ACCESS_DENIED?
I'm planning to develop a windows driver using a minifilter to prevent certain file manipulations (such as file access).我计划使用微过滤器开发 windows 驱动程序以防止某些文件操作(例如文件访问)。
I checked this article that provides a good starting point on using this technology.我查看了 这篇文章,它为使用这项技术提供了一个很好的起点。
On the screenshots at the end of that article, any deletion of a protected file asks for administrator privileges.在该文章末尾的屏幕截图中,任何受保护文件的删除都需要管理员权限。 My question is: can a minifilter also prevent file manipulation from an administrator of the system?
我的问题是:微过滤器还可以防止系统管理员对文件进行操作吗? If this is not the case, is there any way to prevent an administrator the file manipulation?
如果不是这种情况,有没有办法防止管理员对文件进行操作?
Many thanks!非常感谢!
A minifilter can still return STATUS_ACCESS_DENIED for an operation performed by an Administrator running with elevated privileges.微过滤器仍然可以为管理员以提升的权限运行的操作返回 STATUS_ACCESS_DENIED。 This will prevent the operation from succeeding.
这将阻止操作成功。 But it's nigh impossible to completely prevent an Administrator from doing something, because they can unload your driver, or override any access controls you create to prevent them from doing so.
但是要完全阻止管理员做某事几乎是不可能的,因为他们可以卸载您的驱动程序,或覆盖您创建的任何访问控制以阻止他们这样做。 I would consider it a waste of time to try preventing an Administrator from doing anything.
我认为试图阻止管理员做任何事情是浪费时间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.