On Wed, Apr 9, 2008 at 5:05 PM, Eric Wittersheim <[EMAIL PROTECTED]> wrote: > Is there any way I can grant my developers permissions to register dll files > to their local machine with out giving them local admin privies?
I doubt this could be done to any effective gain. Even if you created a wrapper so they can only invoke DllSelfRegister on a given DLL, anything in that DLL's routine will run privileged. So they've got all they need to royally screw things up or compromise security. Fine-grained permissions won't help -- I'm pretty sure registering COM controls and such requires write access to all of HKEY_CLASSES. Same issues. Ultimately, developers doing test installs need all the permissions usually reserved for local machine admins. Dedicated development testbed PCs used to be the usual method for solving this issue. These days, virtual machines are my preferred solution. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
