Do Win10 handle file permissions differently than Win7? Even when Properties > Security > Advanced permissions for files/folders seem to be identical?
Problem:
For several years, I've been running my browser within a Sandboxie sandbox. Now I migrated from Win7 to Win10, using the same Sandboxie configuration. But in Win10, the sandboxed applications have troubles in renaming files. Sandboxie does work with Win10, and no one reported the troubles I have.
For example: When I run Notepad in SB, it is unable to rename any files, not even those it just created. When I run Firefox from within SB, it does not remember its configuration from the previous run - that's because it is unable to rename .tmp files with updated configuration (e.g. "extensions.json.tmp" to "extensions.json"). Everything else seems to work fine.
Q: Do I have to set anything differently in Win10 than it was set in Win7?
Details: Without SB everything works correctly, in SB only the file rename seems not to work. The only difference I found is that without SB the apps are executed under my win accout, while in SB they are executed under the "ANONYMOUS LOGON" account. The privileges of both accounts seems to be almost identical (checked using the "Process Explorer" app).
The whole directories and everything within them is owned by me, and SYSTEM, Administrators and OWNER (myself) have full control on all files and folders, recursively.
When I create a folder, and then a file within that folder, I can rename that file even from within the sandbox. But I see no difference in privileges of this new folder/file and other folders/files created earlier (they all are owned by me, and SYSTEM, Administrators and OWNER have full control in all cases).
The same setup works in Win7Pro, but not in Win10Home. What's the problem?
Version: Win10Home x64 v10.0.18362, Sandboxie 5.30
The problem was in Sandboxie 5.30. It has been already fixed in 5.31.2.
Related
I’m writing an application that should save user specific data into AppData. This application has an installer. Now I’m not sure, what is the best way to provide the folders in AppData.
Should the installer create (and delete) the folders, or should the application itself create (but probably never delete) the folders.
Also, if multiple user on the same computer use the app, the folders probably doesn’t exist, if another user installed the application.
I didn’t found anything that really explained this to me.
Thanks in advance.
I'll answer for Windows Installer, MSI files, and basically you shouldn't need to worry about it in the installer; just install files to their required locations, and the folder will be created automatically and removed at uninstall if it's empty.
In addition to Phil's correct answer:
If the files from the AppData folders used by your application are created only by the application, at run time, there is no need to configure the installer to create the empty folders. Those folders will be created the moment your app writes down the files.
Also, even if your installer is creating the folder, on uninstall it will not remove if in that folder are files created by the application. Windows Installer keeps track (should do it in a correctly configured package) of every file it installs and only removes the ones it installed (by default, it can be configured to force remove a folder and files which it did not install).
Regarding other users of the app. In this scenario, the simplest method is to use your application for creating the initial default files in the AppData folder, at the first launch of the app for each user.
If you need to install files to AppData from your installer then you could try one of the following approaches. These techniques can be applied with any setup authoring tool that can create MSI packages.
I suddenly have begun encountering an error similar to "E:\Websites\Stage\mywebsite\somefile.ascx: Access to the path is denied" on a multitude of my local files when attempting to check them in. The files it is failing on are all sorts of files, PNG, ASPX, CONFIG, etc.
I am using Visual Studio 2013 for Web (Update 4) and the visualstudioonline.com TFS.
The files are stored on a network location and I have a drive mapped to that location. I can manually open, manipulate, and save any of the files that error so I do not believe it is truly a permissions issues.
This setup has worked for months but suddenly it is giving me problems.
I ran a powershell script on the folder Get-ChildItem -Include *.* -Recurse -Path 'E:\Websites\Stage' | select fullname,isreadonly and all the files return 'False' under the isreadonly column. No errors are returned.
I am in need of some further ideas.
I found a workaround in another StackOverflow question.
Essentially, you shelve the pending changes, then you commit it. No need to unshelve them.
I would only suggest to use that to check-in your changes until you set another workspace locally (or someone fixes that issue).
As many other, using Visual Studio 2013 from within a VM having a local workspace located on the host computer mapped through a shared drive was working well before updating to "VS2013 update 4".
That setup was suggested to me with the reasoning that if the VM crashes, then I wouldn't loose my changes.
Storing your local workspace on a network location is not supported and should never be done.
Have a 'local' (physically on your local machine) workspace where you edit the files and check in. Then have an automated build that publishes the files to a location of your choice.
I ran Windows/Visual Studio in Parallels on a Mac and had a project saved to my desktop (yes, shame on me). Internally this path is handled as \\psf\Home\Desktop even if it is stored locally and not in the network. Still gives the same exception and is solved by moving it to your regular drive (c:\...)
What I did
I just started using git, and I think I accidentally initialized a bare repository (instead of a normal one) in my www folder. So when I committed everything, I noticed it started removing everything, which I didn't expect at the time. That's where I made the mistake of killing git. Now there's two files that I can't delete/move/read/write/execute.
When I knew what git was actually doing, I then cloned the git repo in my www folder to my desktop, and it looks like I got most of it back, including those two files, which are normal, and I can write and read to them.
What I'm trying to accomplish
I realize that this may seem like an elaborate scheme to learn how to hack, but that's not the case, I own these files and my goal is to delete them, not break in. I'm unable to delete them however, as killing git seems to have messed up the permissions on the file. I really desperately need to know how to delete them, otherwise git and every backup system I use keep breaking on doing anything in this directory!
Further info:
I'm using Windows 7 Ultimate x64, and Git version 1.8.5.2.msysgit.0
Below a screenshot of the situation:
When I look at the permissions tab in the file properties, I get the message I have to have be an administrative user with permissions to view its security properties. I then clicked on continue, as I have administrative permissions (since it's my laptop). In the newly opened window I get the message I don't have permission to view its security properties. When I try setting its owner, as it suggests, I get the message "Unable to set new owner on [file]. Access denied".
I already tried using an elevated command prompt to try removing them, even forcefully.
I'm desperate, guys (and girls)!
Ok, so I wasn't able to delete the files, on Windows.. I finally did it using a linux (debian 6.whatever) live-cd, and using rm -rf logs/
So if anyone else should encounter the same thing, this is a relatively quick solution.
When I installed RAD with Websphere 7.0, I got a slew of folders created in my home directory:
%USERPROFILE%\IBM
%USERPROFILE%\Logs
%USERPROFILE%\PMT
%USERPROFILE%\updilogs
%USERPROFILE%\waslogs
%USERPROFILE%\web2feplogs
I am using Windows 7, so I actually use my home directory for various things, and hate that I have all these folders polluting my home directory (more than half of which are sitting empty).
Which of these can I delete? If RAD/Websphere need the directories, is there any way I can configure RAD/Websphere to have them to where they're supposed to be (that is, under %USERPORFILE%\AppData)?
(And I have hidden files/folders showing for work-related reasons, so I can't just hide them)
OK, so:
The %USERPROFILE%\IBM directory is the default directory for RAD to create new workspaces in. I am guessing that this directory was created when you first invoked RAD and it asked you where you would like a workspace created. Check the contents of that directory. If it only contains RAD workspaces, you can delete it (or move the individual workspace directories elsewhere).
I am not aware of a %USERPROFILE%\Logs directory created by wither RAD or WebSphere. Can you list some of the directory's contents?
The %USERPROFILE%\PMT directory wouldn't have been created by WebSphere or RAD. PMT stands for Profile Management Tool - a GUI that WebSphere provides for managing WebSphere profiles. Can you list some of the directory's contents?
%USERPROFILE%\updilogs are logs created by the installer of the WebSphere Update Installer (read that again). You cannot override it. You can delete this directory.
%USERPROFILE%\waslogs are logs created by the installer of WAS itself. You cannot override it. You can delete this directory.
%USERPROFILE%\web2feplogs are logs created by the installer of the WAS Web 2.0 Feature Pack. You cannot override it. You can delete this directory.
EDIT as per comment: The PMT\workspace directory seems to be of the format of an Eclipse workspace. I suspect this one was created when you (or a program that you ran) fired up the Profile Management Tool in GUI mode. As far as I know, this directory can be deleted but it will resurface next time you run PMT in GUI mode.
I'm running Windows 7 with UAC enabled. I've always found it weird that Eclipse doesn't use an installer and doesn't use the AppData folder to store its data in Windows, but lately I've had to reinstall it a couple times (hard drive problems) and I've been wondering if I am really putting it in the best place.
I copy the eclipse folder to my C:\Program Files\ directory and make a shortcut on my start menu, and then pin it to my taskbar. However, eclipse has problems so I go to properties, the compatibility tab, and enable "Run as administrator". Then every time I open eclipse I have to hit yes on the UAC window, but everything works correctly, except for one side effect: my touchpad doesn't scroll any windows in eclipse. This is because the touchpad program is running as a normal user, so it can't modify eclipse running as administrator. So, then I have to close and reopen my touchpad software as an administrator.
Anyway, long story short... Where is the best place to put the eclipse folder in Windows, and why?
Edit: I just found a possible suggestion, feel free to comment. Sounds like I can just run it as administrator once the first time and set up all my plugins and such, and then run it as a normal user for my normal tasks (coding). I can't believe I never thought of doing this, but I may stick to the Program Files directory and give this approach a try unless I get a better answer here.
Ninite places Eclipse in C:\eclipse. Ever since asking this question, that has been my install location for Eclipse. Eclipse still does not properly handle permissions when run out of the Program Files folder.
I setup Eclipse in
c:\software\eclipse_{version}\
I keep all my open source packages (ANT, Maven, Apache, etc) in c:\software as well. Then I add the necessary directories to my $PATH variable (c:\software\ant\bin).
I also keep the Eclipse workspace under c:\software\eclipse_workspace.
The big plus behind this setup is portability. I can simply move the entire folder to a new drive, re-setup my path, and boom everything works. No interference from registry settings at all. Makes it very easy to backup.
This approached worked for XP, Windows7 RC1 and Windows7 Professional without issue.
You can install (unzip) an eclipse:
anywhere you want (meaning you don't have to install it on c:\Program Files (I install it for instance on c:\prog\java\eclipse, a directory tree I create
with a workspace set anywhere you want (for me: c:\prog\java\workspace, and I reference that workspace in my eclipse.ini.
This is important because the default location of a workspace (using user.home) is not always a good idea (see this SO question and its associated eclipse bug which will be solved only with the upcoming eclipse Helios 3.6)
with plugins set anywhere you want through a Dropins folder (also referenced in the eclipse.ini, for me: c:\prog\java\myplugins)
with a JVM installed anywhere you want (also referenced in the eclipse.ini, for me: c:\prog\java\jdks\jdk6u18, and I have installed several others jdks in c:\prog\java\jdks)
Eclipse shouldn't ever have to be in c:\Program Files, and the setting describe above works perfectly with:
Vista or Seven, UAC fully activated
XP, with no Administrator rights.
I usually install Eclipse to %LocalAppData%.
C:\Users\<username>\AppData\Local\Eclipse\<version>\
Common install path used by Google Chrome, Python, GitHub Desktop, Discord, and f.lux
Only installs Eclipse for the current user profile. (separate per-user settings)
Does not require administrator privileges
Accessible as a default Windows environment variable (%LocalAppData%)
Folder is designated specifically to hold application data
You could put it under your User folder or My Documents folder, so you don't have to worry about permissions. Then just add a link to your start menu / quick start / desktop and you will be good to go.
I have many different versions of Eclipse and related products installed. So I have them installed as C:\Eclipse\... for Windows and /Eclipse/... under Mac and Linux. Usually with the directory name as the base name of the zip - e.g. eclipse-rcp-helios-SR2-macosx-cocoa-x86_64... Some products, like those from IBM, have their own ideas and can often not be changed...
As for the workspaces - yes, I have one for each customer - they are placed under /Eclipse/Workspaces/... and friends.
And the target platforms are placed under /Eclipse/TargetPlatforms/... and friends.