From: "Tony Mason" Newsgroups: comp.os.ms-windows.programmer.nt.kernel-mode References: <664inb$6sq$1@heliodor.xara.net> Subject: Re: Accessing a Remote File - Help! Date: Fri, 5 Dec 1997 20:58:38 -0500 Lines: 83 Organization: OSR Open Systems Resources, Inc. X-Newsreader: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 NNTP-Posting-Host: feanor.osr.com Message-ID: <3488b14d.0@news.osr.com> Path: news.mitre.org!blanket.mitre.org!philabs!newsjunkie.ans.net!newsfeeds.ans.net!news-was.dfn.de!news-kar1.dfn.de!newsfeed.nacamar.de!newsfeed.eerie.fr!sunqbc.risq.qc.ca!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!europa.clark.net!206.1.179.76!newsrouter.icnc.com!psinntp!news.osr.com!feanor.osr.com The return value you receive (STATUS_ACCESS_DENIED) indicates you are performing the open correctly. You just don't have access to the file. In general, a kernel mode driver operates with the credentials presently registered for the thread (or process) that is performing the operation. Since every workstation has its own credentials, independent of anyone logged onto the system, if you try to run in a system thread you will be using the system credentials. As a matter of general policy, NT workstations don't trust one another (I suppose you could modify this policy, although I know of no documented way to accomplish this.) Most likely the simplest solution to your problem is to build a Win32 service. Set it up so that it "logs on" to an account with credentials. Then, perform your operations in threads passed to your driver from your service. You will then be using the service credentials and the operation will succeed if you have permission to access the file (which it should if you set up the account correctly.) Best of luck on your project! Regards, Tony Tony Mason Consulting Partner OSR Open Systems Resources, Inc. mason@osr.com http://www.osr.com Mark Morley wrote in message <664inb$6sq$1@heliodor.xara.net>... >I need some help - I'm trying to access a remote file from my driver. > >First Question - Is it possible to access the file remotely? (From my driver >before any users have logged on). > >Second Question - Am I on the right track? > >The file is on a remote machine called SERVER under a share called Config in >a file called Cardconfig.ini. > >The following code snippet returns STATUS_ACCESS_DENIED > > RtlInitUnicodeString( &ntUnicodeString, >L"\\Device\\Mup\\SERVER\\Config\\Cardconfig.ini"); > InitializeObjectAttributes( &objectAttributes, &ntUnicodeString, >OBJ_INHERIT|OBJ_CASE_INSENSITIVE|OBJ_OPENIF , NULL, NULL ); > ntStatus = ZwCreateFile(&ntFileHandle, > FILE_READ_ACCESS, > &objectAttributes, > &ioStatus, > NULL, > 0, > FILE_SHARE_READ, > FILE_OPEN, > FILE_SYNCHRONOUS_IO_NONALERT, > NULL, > 0 ); > >I've also tried creating a security descriptor with >RtlCreateSecurityDescriptor, and set some of its members with >RtlSetDaclSecurityDescriptor >and then passed a pointer to it into the InitializeObjectAttributes >function, but again I keep getting STATUS_ACCESS_DENIED. > >PSECURITY_DESCRIPTOR psd; > ntStatus = RtlCreateSecurityDescriptor(psd, 1); > ntStatus = RtlSetDaclSecurityDescriptor(psd, TRUE, NULL, TRUE); // a NULL >DACL unconditionally grants access ???? > >I've tried many different conbinations of parameters for all the functions! > >Any help most gratefully received. > >Mark Morley > >