Can GPOs allow access to "CreateStreamOnHGlobal function (combaseapi.h)" for non local admin?

Question

Can GPOs allow access to "CreateStreamOnHGlobal function (combaseapi.h)" for non local admin?

Schoeman, Daniel (FIS1) 1

Can GPOs allow access to "CreateStreamOnHGlobal function (combaseapi.h)" for non local admin? We have an Application which requires local admin rights, just for streaming big files using the following function. "CreateStreamOnHGlobal function (combaseapi.h)" We don't want to allow local admin rights for a user, when the application just needs access to this function. Is there another way, like using GPOs?

Fan Fan 15,191 Reputation points

2021-02-22T06:36:07.897+00:00

Hi,

If there are any updates, welcome to share here!
Please feel free to let us know if you have any questions further.

Best Regards,

Fan Fan 15,191 Reputation points

2021-02-22T06:36:07.897+00:00

Hi,

If there are any updates, welcome to share here!
Please feel free to let us know if you have any questions further.

Best Regards,

Answer 1

Hi,
Permission assignment can be done through OUs.

You can use organizational units (OUs) to delegate the administration of objects, such as users or computers, within the OU to a designated individual or group. To delegate administration by using an OU, place the individual or group to which you are delegating administrative rights into a group, place the set of objects to be controlled into an OU, and then delegate administrative tasks for the OU to that group.

But for the "CreateStreamOnHGlobal function (combaseapi.h)" , i didn't found any information about What specific permissions are required。

Best Regards,

Can GPOs allow access to "CreateStreamOnHGlobal function (combaseapi.h)" for non local admin?

1 answer

Activity