Manage Windows Vista's Integrity Levels with chml utility

Windows Vista includes a new notion of what were originally called "Mandatory Integrity Controls" but eventually became "Windows Integrity Levels." Under WIL, every object that have permission can also have a label that identifies its "integrity level." Files and folders have integrity levels, as do users and processes.  It is, thus, a sort of set of […]

Windows Vista includes a new notion of what were originally called "Mandatory Integrity Controls" but eventually became "Windows Integrity Levels." Under WIL, every object that have permission can also have a label that identifies its "integrity level." Files and folders have integrity levels, as do users and processes.  It is, thus, a sort of set of uber-permissions, albeit a simple one.

You can use chml "right out of the box" to view a file or folder's integrity level just by typing chml fileorfolder, as in

C:\>chml \windows\notepad.exe

But if you want to modify an object's integrity level, then you'll need to give your user account a new-to-Vista permission, "Modify an object label."  You can find that in the "User Rights" part of Group Policy on a Vista machine.  Or, in a few more words:

  1. Open gpedit.msc
  2. Navigate to Computer Configuration / Windows Settings / Local Policies / User Rights Assignment
  3. In the right-hand pane, you'll see an entry "Modify an object label;" open it
  4. By default, there are no user accounts listing with this privilege.  Add your user account.
  5. Close the Group Policy Editor
  6. Log off, then back on to finish getting the new privilege on your logon token.

Downloadchml | Full Article

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.