![]() ![]() On the other hand, if it makes some kind of inter-process communication, then you won't be able to use the snap-in at all if the IPC channel requires more privileges than you have. If it makes changes to some data store directly (for example, by editing the registry or file system using the relevant APIs) or indirectly (for example, certificates are typically stored in the registry, even though you usually access them through crypto APIs that call the required registry APIs behind the scenes), then you can do whatever the ACLs on that data store permit your current user to do (for example, read-only access to system-wide certificates). If it supports both user-specific and system-wide settings, there's a decent chance you'll be able to use it (for the current user only) without elevated privileges. Some snap-ins will be completely useless with limited permissions (for example, diskmgmt.msc, the Disk Management snap-in, requires connecting to the Virtual Disk Service and I don't believe you can do that without elevated privileges try running the command-line equivalent diskpart.exe and if you don't elevate it'll return Access is denied).īasically, it depends what the snap-in does. ![]() For example, with non-admin permissions, you can edit your personal certificate store, but you will have read-only access to the system (machine) certificate store. Mmc.exe can be run with limited user permissions this just prevents it from doing most of the things you might want it to do. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |