Hi,
I've been asked to provide a program/script/whatever that enables or disables the
devices without requiring admin rights, that is, that can be run by a 'normal' user.
Ideally, something like a command line utility: C:> foobar cdrom /disable
Any pointers, hints or clues gratefully accepted!
Thanks,
Rony
Without finding a security hole in Vista, it just plain can't be done. They require admin rights for a reason --- that's the type of things only admins should be doing.
There is a command-line utility (devcon.exe, available here), which will enable/disable devices, but it's still going to require admin rights. It's syntax is:
DEVCON disable {device id} where {device id} is one of the "Hardware ids" listed under the "details" tab of the device's Device Manager property page.
First of all you should check if user without admin rights can do it from windows ui, using Device Manager. And I really doubt it.
If you happen to be on a domain, I think you can disable all of that through a group policy.
You could write a service that runs as a privileged account (e.g. Local System), and write a GUI front-end application which communicates with the server. The non-admin user can then run the front-end.