强制第三方应用程序以低MIC运行的简单方法? [英] Easy way to force 3rd party app to run with low MIC?

问题描述

大家好，

让我们暂时假设我拥有一个我不完全信任的应用程序.我已经确定了应用程序需要读取和写入哪些注册表项以及哪些文件.然后，我修改了ACL，以为MIC低的应用程序的所有密钥/文件提供适当的权限.

Let's presume for a moment that I have an application that I don't totally trust.  I have determined both what registry keys and what files the application needs to read and write.  I have then modified the ACLs to allow the appropriate permissions for all the keys/files for apps with low MIC.

是否有一种简单的方法来使该第三方应用程序以低特权运行?理想情况下，只需右键单击并设置一些属性即可.如果清单可以使用，应该包含哪些内容?

Is there an easy way to cause this 3rd party application to run with low privilege?  Ideally, just right-clicking and setting some property would be nice.  If a manifest would work, what contents should it have?

谢谢！

推荐答案

icacls<可执行名称> /setintegritylevel低

应该做到这一点.请记住，徘徊者低完整性模式只能阻止 write 写入较高完整性的位置.低完整性进程仍可以读取用户帐户可以读取的任何数据.

Should do the trick. Bear in mind, hoverer, low integrity mode only prevents writing to higher integrity locations. Any data the user account can read can still be read by low integrity processes.

这篇关于强制第三方应用程序以低MIC运行的简单方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！