HLEE
2001-08-05, 03:53 PM
經常有人遭遇到使用Nero權限不足的問題,
而一般的答案皆是更換WNASPI32.DLL這個檔案即可。
我也曾提出這個問題,但更換WNASPI32.DLL後並無法解決。
在深入研究後,獲得了解決方法。
由於搜尋中外網站及討論區尚未見到有人提出,
所以在這裡貼出來與大家分享。
在NT4/2000下只有Administrators群組擁有使用權限,
這在Nero的說明檔裡有著以下說明:
Nero user group and recording priviledges under NT4/Win2k
======================================================
Under Windows NT4 and Windows 2000 there must be a way to handle the
security aspects of CD recording. CD premastering software like Nero
must be able to send SCSI/IDE commands to CD-ROM/DVD-ROM drives or CD
recorders capable of writing on CDs. However, from the operating system's
point of view, being able to send SCSI/IDE commands to devices is a huge
security problem, because software could use the SCSI/IDE commands to
format the harddisk, read other user's data or create other severe problems.
That is why Microsoft decided to allow low level driver access only for
programs running with administrator rights. This also is why Nero 5.0 could
burn CDs only under the administrator login.
Now, let's assume the situation of a Windows NT4 or Windows 2000 PC in a
network environment and with many different users. Security considerations
make it absolutely impossible to grant administrator rights to all. So
firstly, there must be a way to allow CD recording for non-administrators
and being able to decide which users may record CDs and which users may not.
The way Nero solves this problem is to allow system administrators to assign
during installation a group of users the rights to record CDs on the system.
If an administrator wants to allow or disallow CD recording for certain
users, it is enough to make the user member of this group or to remove the
group membership of that user. If everybody should get the right to record
CDs, the recording rights should be assigned to the group "Users".
In some situations, it might be convenient for the administrator to change
the group assigned CD recording permissions. Nero has a new property page
with title "Security". This page can be opened by using the menu command
"File"->"Preferences". Administrators may edit and normal users may only
view the group name of the users, that have the permission to burn CDs.
Any changes of these settings become effictive after the next system restart.
Uninstalling Nero will cause the recording CD rights to be removed again.
解決的方法是安裝Nero Security Service。步驟如下:
1.在安裝Nero期間,Nero會解壓縮到Temp資料夾
2.Nero安裝完畢並重新開機後,將Temp資料夾裡Nero/Misc內的所有檔案Copy到安裝路徑的
Misc資料夾內。
3.安裝NeroSecurity.inf。
4.安裝期間指定Administrator為登入帳號,並勾取
"Grants access to CdRom drives to members of Users group"(此為指定所有使用者
皆可使用)
5.重新開機
6.然後所有Users就都可以使用Nero了。
請注意這段話:
"However, from the operating system's point of view, being able to send
SCSI/IDE commands to devices is a huge security problem, because software
could use the SCSI/IDE commands to format the harddisk, read other user's
data or create other severe problems."
所以我們要對Nero的使用者加以限制。
重新以Administrator進入Nero後,會看到"File->Preferences"內增加了Security標籤,
在我的情況此標籤是不作用的,所以我們要從登錄檔指定Users。
首先先增加一個允許使用Nero的群組,將允許使用的Users加入此群組,
然後開啟Regedit,進入這段機碼:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NeroSVC
將Group的值由Users改為自訂的群組,如此便指定了此群組的成員才可使用Nero,
只要重新開機便可生效。
若要暫時關閉Nero Security Service,只要將NeroSVC這項服務停用或改為手動即可。
安裝NeroSecurityUninstall.inf便可移除這項功能。
希望對大家有幫助,同時若有任何地方不妥,也請大家不吝指教,謝謝!
而一般的答案皆是更換WNASPI32.DLL這個檔案即可。
我也曾提出這個問題,但更換WNASPI32.DLL後並無法解決。
在深入研究後,獲得了解決方法。
由於搜尋中外網站及討論區尚未見到有人提出,
所以在這裡貼出來與大家分享。
在NT4/2000下只有Administrators群組擁有使用權限,
這在Nero的說明檔裡有著以下說明:
Nero user group and recording priviledges under NT4/Win2k
======================================================
Under Windows NT4 and Windows 2000 there must be a way to handle the
security aspects of CD recording. CD premastering software like Nero
must be able to send SCSI/IDE commands to CD-ROM/DVD-ROM drives or CD
recorders capable of writing on CDs. However, from the operating system's
point of view, being able to send SCSI/IDE commands to devices is a huge
security problem, because software could use the SCSI/IDE commands to
format the harddisk, read other user's data or create other severe problems.
That is why Microsoft decided to allow low level driver access only for
programs running with administrator rights. This also is why Nero 5.0 could
burn CDs only under the administrator login.
Now, let's assume the situation of a Windows NT4 or Windows 2000 PC in a
network environment and with many different users. Security considerations
make it absolutely impossible to grant administrator rights to all. So
firstly, there must be a way to allow CD recording for non-administrators
and being able to decide which users may record CDs and which users may not.
The way Nero solves this problem is to allow system administrators to assign
during installation a group of users the rights to record CDs on the system.
If an administrator wants to allow or disallow CD recording for certain
users, it is enough to make the user member of this group or to remove the
group membership of that user. If everybody should get the right to record
CDs, the recording rights should be assigned to the group "Users".
In some situations, it might be convenient for the administrator to change
the group assigned CD recording permissions. Nero has a new property page
with title "Security". This page can be opened by using the menu command
"File"->"Preferences". Administrators may edit and normal users may only
view the group name of the users, that have the permission to burn CDs.
Any changes of these settings become effictive after the next system restart.
Uninstalling Nero will cause the recording CD rights to be removed again.
解決的方法是安裝Nero Security Service。步驟如下:
1.在安裝Nero期間,Nero會解壓縮到Temp資料夾
2.Nero安裝完畢並重新開機後,將Temp資料夾裡Nero/Misc內的所有檔案Copy到安裝路徑的
Misc資料夾內。
3.安裝NeroSecurity.inf。
4.安裝期間指定Administrator為登入帳號,並勾取
"Grants access to CdRom drives to members of Users group"(此為指定所有使用者
皆可使用)
5.重新開機
6.然後所有Users就都可以使用Nero了。
請注意這段話:
"However, from the operating system's point of view, being able to send
SCSI/IDE commands to devices is a huge security problem, because software
could use the SCSI/IDE commands to format the harddisk, read other user's
data or create other severe problems."
所以我們要對Nero的使用者加以限制。
重新以Administrator進入Nero後,會看到"File->Preferences"內增加了Security標籤,
在我的情況此標籤是不作用的,所以我們要從登錄檔指定Users。
首先先增加一個允許使用Nero的群組,將允許使用的Users加入此群組,
然後開啟Regedit,進入這段機碼:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NeroSVC
將Group的值由Users改為自訂的群組,如此便指定了此群組的成員才可使用Nero,
只要重新開機便可生效。
若要暫時關閉Nero Security Service,只要將NeroSVC這項服務停用或改為手動即可。
安裝NeroSecurityUninstall.inf便可移除這項功能。
希望對大家有幫助,同時若有任何地方不妥,也請大家不吝指教,謝謝!