Essentials – Access Director

Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group Access Director

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group Access Director. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possible ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require additional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Read more about latest additions at https://basic-bytes.com

Creating Installations for Device Driver Applications Using DPInst

When a Driver application gets installed on to a machine, it installs driver information like PNF, INF, CAT files in the location “C:Windowsinf”. By default, these files will be named as oemXX.pnf or oemXX.inf where XX stands for the number. Ex: oem1.INF, oem1.PNF and so on. So when we do a capture of such applications, these XX values will be hard coded which does affect many other device driver applications which are pre-existent in the machine. Hence, in this case we used to customize the package by writing few Custom actions using “setupapi.dll” in such a way that it checks for the max XX value which is present in the machine and install the PNF or INF file of the package.

This approach takes a lot time in creating multiple custom actions for copying oem/pnf files. In this article, we discuss on a executable “DPInst.exe” which makes your life easy in dealing with driver based packages.

Introduction to DPInst

DPInst is a component of the Microsoft Windows Driver Install Frameworks (DIFx) that simplifies and customizes the installation of driver packages for devices that are not yet installed on a computer (commonly known as a software-first installation). DPInst also automatically updates the drivers for any installed devices that are supported by the newly installed driver packages.

How Packages Install using DPInst

By default, when the Microsoft® Windows® Driver Package Installer (DPInst) runs, it runs in a wizard-install mode that displays a sequence of wizard pages. In wizard-install mode, DPInst first displays a welcome page, and then displays an end-user license agreement (EULA) page. After the user accepts the licensing agreement on the EULA page, DPInst displays an installation page, and then performs the following steps to install Plug and Play (PnP) function drivers:

  1. Locates the INF files. DPInst searches the directory where the DPInst executable (DPInst.exe) is located. DPInst also searches vendor-specified subdirectories under the directory where DPInst.exe is located. A vendor specifies the subdirectories by using the search and subDirectory XML elements in an optional DPInst descriptor file (DPInst.xml)
  2. Authenticates the driver packages.
  3. Preinstalls driver packages in the driver store.
  4. Adds an Add or Remove Program entry in Control Panel that represents a driver package. (DPInst does not support this feature on Windows Longhorn.)
  5. Installs the driver packages on matching devices that are connected to a computer.

After DPInst completes the installation of a driver package, DPInst displays a finish page that informs the user of the status of the installation.

DPInst supports a suppress-wizard mode that suppresses the display of wizard pages and other user messages that DPInst generates. It also supports command-line options that control the display of its wizard pages and other DPInst operations.

For general information about INF files and driver packages, see “Providing a Driver Package” in the Microsoft Windows Driver Development Kit (WDK).

Steps to Follow in MSI package

We need to follow these below steps to achieve efficient driver installation.

Step 1: Search for “*.inf” files in the captured folder.

Step 2: Cross check the contents of this file (step 1) with the contents of “*.inf” files under “[WindowsFolder]INF” folder.

Step 3: Delete the file “oemXX.inf” from “[WindowsFolder]INF” folder from your package.

Step 4: Copy DPInst.exe under the location where you get the “.inf” file.

Step 5: Write a custom action as shown below.

Fig 1

Click to view.

Fig 2

Click to view.

Fig 3

Click to view.

Repeat the above steps from 1 to 5 for each oemXX.inf files.

Now the MSI package created will be able to install the driver files without affecting the pre-existant application’s functionality as well as the operating system.

Features of DPInst:

  • Localization. There are two versions of DPInst: an English-only version and a multi-language version that supports many of the commonly used languages that Windows supports.
  • Driver installation customization. You can localize and customize the text, icon, and bitmaps that are displayed on wizard pages. You can include branding, an optional EULA, and control whether wizard pages are displayed.
  • Automatic driver package removal. For each driver package that is installed by DPInst, DPInst adds an entry to Add or Remove Programs (in Control Panel) where a user can remove the driver package from their computer. If the user removes a driver package, the package is removed from the driver store, the corresponding INF file is removed from the system INF file directory, and all devices that were previously supported by the package are updated with the next best available driver.
  • Installation error logs. DPInst logs high-level messages in the DPInst log file (%windir%DPINST.LOG). The log file is a plain-text file that contains information and error messages and identifies the driver package that was being installed when an error occurred.

References:

Driver Package Installer (DPInst)
http://msdn.microsoft.com/en-us/library/ms790308.aspx

DPInst Command-Line Switches
http://msdn.microsoft.com/en-us/library/ms790806.aspx

http://www.microsoft.com/whdc/driver/install/DIFxF…