I'm trying to install the Greenshot.ini in %appdata% of every user that have been created or will be created. So that the user do not have specify which language to use on first login for all users.
Currently manually copying the ini to existing users before the program start works. I don't know how to copy to new users or users with non-generated home folders. How can this be done on a non-domain desktop and a domain desktop. The non-domain is more important and preferred.
Related
I want to implement Azure File share for my network, but I can't find any possibility to set up user specific access permissions. There are some pre-built groups, which are for no use in this scenario, but I found a MS page recommending using Windows ACLs, but how can I proceed with setting user specific permissions, when I want to assign different permissions to different folders/files to different users, who are part of the same Administrator group in AD?
Problem solved! You just need to remove permissions inheritance and remove all inherited security groups/users permissions and add your own users or custom defined groups.
I have been doing some basic application access and privilege management.
And to fully understand the access permissions of UWP applications, I decided to create one on my own and check.
As given in MSDN, the app was able to access the files mentioned here.
Now, I know that UWPs run in a sandboxed environment and they aren't given full access to all files in the system.
But is there any way for the admin user to grant the application rights to access files in the drive, for instance, the system32 file or a random text file that the user saved in C drive?
Yes, your app can declare the "broadFileSystemAccess" capability and then it can access all files in the system that the user has access to, given the user provides consent to this capability.
See documentation here:
https://learn.microsoft.com/en-us/windows/uwp/files/file-access-permissions
I am trying to build a puppet manifest to add an ldap user profile to a local machine on the domain.
After spending some time looking through Google and various sites all I am seeing is examples of local users only and I wonder if it is even possible?
Currently I have to logon onto the computer, which creates the user profile folder under (c:\Users{username}). I need to add 3-5 profiles to every machine, but I don't want to go through the whole LOGIN > LOGOUT > LOGIN > LOGOUT process for each user on each machine.
I am new to puppet and just not sure if this is possible in puppet or if I need to figure out a different method?
I need to create a temporary folder that will be accessed from the application only.
It means that even current user and system administrator are not able to open it from the Explorer.
While application is running, there'll be some files put into it. Once it's terminated, folder and all its content are deleted (again programmatically, no manual delete ability).
P.S. I found few posts here but there are no proper solution given yet.
Thanks in advance.
Windows security does not work that way. You cannot restrict access by application, only by user. If you want only your app to have access to a given resource then you have to create a new user account, configure the resource to grant access to only that user, and then run your app using that user, or at least have your app impersonate that user when needed. Files/folders are securable objects, and Windows security is based on user accounts.
I am using perl on a windows 2003 server with IIS6. I have written a script that needs to access confidential files uploaded by the user. The files are stored in a folder in the cgi-bin. However, I do not want the files to be accessible via weblink. So, I have 'read access' for this particular folder disabled in IIS.
The files are not accessible via weblink, but I need for the user to be able to open the documents that he/she uploaded.
The users logins (usernames and passwords) are stored in the cgi-bin in a csv file.
I've searched the database but couldn't find anything exactly matching this situation.
Any ideas would be greatly appreciated!
Unless I've misunderstood your question, you're trying to limit user access at the application level, not the service level.
If you want users of your web app to be able to access files that they uploaded then your authorization check needs to be done in the application, as opposed to at the edge (by web server).
So every uploaded file is tagged with it's owner (a database record, or a per-owner directory) and access to files is restricted by a small bit of code that checks the authenticated user against the file owner.
The directory in which the files live is readable and writable by the web server user, as that's the user the perl will run as, but it is not configured into IIS as availble for regular HTTP GET access.
It is neither under the HTML document root, nor under the CGI-BIN directory. It is a completely separate directory.