Elevating security privileges for creation and use of component object model (COM) objects without escalating to administrator profile.

摘要

Component object model (COM) objects are created and used by a user without the need to upgrade to administrator privileges by using a black and white list of COM policies which is administered by software which sits between existing software structures, intercepts calls to create and use COM objects, and allows/denies them according to the predefined security policies. This bypasses the need for a user to obtain administrator privileges by customising the security access control to a much more granular level than the standard Microsoft (RTM) user account control (UAC) system. A COM creating unit 800 intercepts a request for creation of an elevated COM object by a first user process, determines whether the first user process is entitled to access the COM object, and creates the COM object without elevated privileges. A COM implementing unit intercepts a second user process that implements the COM object, confirms that the second user process is entitled to access the COM object and elevates the privilege level of the second user process to implement the elevated COM object.