ghacks Technology News

Windows Integrity Levels for extra security in Windows Vista

Microsoft built a system called Windows Integrity Controls into Windows Vista. It is basically a label on files that identifies their trustworthiness. What makes these labels interesting is the fact that they override the visible permissions of a file or folder. Six levels of trust can be assigned to files of the same or a lower permission level, meaning that a normal user is not able to change the integrity level of a file that he has no permission for.

The six integrity levels are Trusted Installer, System (operating system processes), High (administrators), Medium (non-administrators), Low (temporary Internet files) and Untrusted. As you can see, even an administrator is not able to change the integrity level of files and folders that belong to Trusted Installers or System.

A command line tool is available that makes it quite easy to change the integrity level of files and folders. It is called CHML and is available at a website that explains the process in detail.

The command “chml filename” displays the integrity level of that file. Modifying the integrity level of files and folders is only possible after the following change has been made in the Group Policy Editor:

  • Open gpedit.msc
  • Navigate to Computer Configuration / Windows Settings / Local Policies / User Rights Assignment
  • In the right-hand pane, you’ll see an entry “Modify an object label”; open it
  • By default, there are no user accounts listed with this privilege. Add your user account.
  • Close the Group Policy Editor
  • Log off, then back on to finish getting the new privilege on your logon token

The basic command to change the integrity level of files or folders in Windows Vista is chml with the option -i: followed by one of the letters u, l, m, h or s. Only one letter is selected; the letters stand for Untrusted, Low, Medium, High and System.

Three additional options are available. The -nr, -nw and -nx options deny read, write and execute rights.
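How a level and these three options look once they are stored on a file, as an added example that is not part of the original article or of chml: Windows keeps the integrity level as a mandatory-label (ML) entry in the object's security descriptor, and this sketch decodes that entry from the descriptor's SDDL text form. It assumes that chml's -nr, -nw and -nx options correspond to the standard no-read-up, no-write-up and no-execute-up policy flags; the function names and the sample descriptors are constructed for illustration.

```python
import re

# Integrity-level SIDs (S-1-16-<RID>) and their SDDL aliases, per Microsoft's SDDL docs.
LEVELS = {"S-1-16-0": "Untrusted",
          "LW": "Low", "S-1-16-4096": "Low",
          "ME": "Medium", "S-1-16-8192": "Medium",
          "HI": "High", "S-1-16-12288": "High",
          "SI": "System", "S-1-16-16384": "System"}
# Mandatory-label policy: SDDL token -> (access-mask bit, meaning).
POLICY = {"NW": (0x1, "no-write-up"), "NR": (0x2, "no-read-up"), "NX": (0x4, "no-execute-up")}
# Windows treats an object without an explicit label as Medium with no-write-up.
DEFAULT = ("Medium", ["no-write-up"], False)

def decode_policy(rights):
    """Turn the rights field ('NWNX' or hex such as '0x5') into policy names."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
    else:
        mask = 0
        for i in range(0, len(rights), 2):
            token = rights[i:i + 2]
            if token not in POLICY:
                raise ValueError(f"unexpected mandatory-label right: {token!r}")
            mask |= POLICY[token][0]
    return [name for bit, name in sorted(POLICY.values()) if mask & bit]

def mandatory_label(sddl):
    """Return (level, policies, explicit) for the first ML ACE in an SDDL string."""
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        # ACE layout: type;flags;rights;object_guid;inherit_guid;sid
        if len(fields) >= 6 and fields[0] == "ML":
            sid = fields[5]
            return LEVELS.get(sid, sid), decode_policy(fields[2]), True
    return DEFAULT

# Constructed sample descriptors (not taken from a real system).
SAMPLES = {
    "low, no write-up": "O:BAG:SYD:(A;;FA;;;BA)S:(ML;;NW;;;LW)",
    "high, all three": "D:(A;;FA;;;BA)S:AI(ML;OICI;NWNRNX;;;S-1-16-12288)",
    "unlabelled": "O:BAG:SYD:(A;;FA;;;BA)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, "->", mandatory_label(sddl))
```

The third element of the result tells an audit whether the level was set explicitly or is only the Medium default that applies to unlabelled objects.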

I did find the reference to Windows Integrity Levels at the Donation Coder forum where Skrommel was kind enough to create an Autohotkey Script that would add the functionality to the right-click menu.




About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Sunday March 30, 2008

