Hi, I just did a small experiment. Made a low-integrity cmd.exe, then used to it access a NoReadUp NoExeUp NoWriteUp arp.exe. The arp also has the Users group removed from ACL. When I ran the cmd-low.exe as admin, it was able to run arp.exe. I thought Integrity levels are supposed to over ride access controls ? Such that a low integrity exe can never access a medium integrity item ?
It could be because you ran cmd-low as admin. You could run Sysinternal's Process Explorer to verify the IL.
I added the Users group back to ARP.exe and ran cmd-low.exe as a normal user and tried to run arp: got access is denied. Process Explorer shows cmd-low as low integrity. So it seems integrity levels do work to a point. But isn't integrity levels supposed to trump ACLs ? I mean an admin cmd-low.exe still should not be able to run arp with NX NR NW. I checked process explorer and when I ran cmd-low.exe as admin, the integrity level column is blank.
This will still be the case, and the integrity levels are still there * a process with low integrity level can’t open a handle with full access to a process with a higher integrity level * a process with low integrity level can’t inject a DLL in a process with medium (or higher) integrity level. * ... Launch cmd.exe normally and it has a Low Integrity, but running cmd.exe as Administrator will lead to a High Integrity (even if you have set cmd.exe to low integrity)