I have applications (in JAVA) that send files to Trash.
This is done by osascript; on one account this works, on another it fails.
Obviously the first account lacks permissions to control Finder, which seems to do the hard work. How do I grant this permission in System Preferences, as I do not see any difference between those accounts in the Privacy list.
;JOOP!
it seems that the terminal command
tccutil reset All
is the only way. Of course this is followed by several requests from the system to grant all kinds of privileges, but at least it gives back control to you.
Greetings. ;JOOP!
Related
I'd like to close a specific Xcode project from the command line without closing any other projects (so I can't just use kill). Applescript is problematic in Catalina because of additional permissions needed. Is there any other way to do what I want?
If you want to use the Terminal to control other apps via AppleScript, you must give permission. But this is not difficult, because the system will prompt for the needed permission if you have not given it already.
For example, I just said
$ osascript -e 'tell app "Finder" to close window 1'
and I saw this dialog:
I clicked OK and the window closed, as ordered. No problem. So you'd see something like that for Xcode, you'd grant permission, and that would be that. The permission is recorded in the Security & Privacy pref pane under Automation.
If you prefer to pass thru System Events, the permission is recorded under Accessibility. Note that that is a permission you can grant in advance. But you still need to go thru the dialog so you can give Terminal permission to talk to System Events.
If you deny access in the dialog and you want to be asked again, use tccutil to reset the database. Good discussion here: https://apple.stackexchange.com/questions/384230/how-do-i-reset-screen-recording-permission-on-macos-catalina
I am building an app in Xcode that uses Core Location. On first run the app asks the user for permission. I want to revoke this permission to trigger the flow anew.
I cannot find my app in the list of apps under Settings / Location Services.
It's odd that your app isn't in Security & Privacy->Location Services. I don't have an answer to that.
If you do uncheck the permission in that pane, though, you won't start the flow anew. Instead you'll be simulating a rejection of permission (user denied the permission request).
The tccutil command line program ought to be able to manipulate those settings. But I tried tccutil reset All on my machine and it didn't affect Location privacy.
It looks like the property list at /var/db/locationd/clients.plist has the authorized applications. So you might be able to edit that file with the plutil command line tool to remove your application. Or just make a copy, edit with Xcode to remove your application, and swap in that copy for testing.
sudo bash
plutil -p /var/db/locationd/clients.plist
Can someone tell me how (in Windows 7 PRO) I can create a folder, so when I try to open it, User Account Control will ask for a Administrator's password. I need to restrict a folder on the C: drive, only be opened by administrators, and if a normal user tries to open it, he will need the Administrator's password.
You could go to Control Panel, then you go to User Account and Family Safety. Then go to Parental Control and unable it, or get your user off the list. After that, you should be able to do it.
(AT LEAST IT WORKS FOR ME!)
I need to create an NSIS installer, which runs with administrator privileges. I request these privileges with
RequestExecutionLevel admin
So far this works. But I also need to place shortcut links on the users desktop. I do NOT want to create the shortcuts for all users but only for the currently logged in user. So I use
SetShellVarContext current
in the installer sections. If the current user has admin privileges, this works. If I have a normal user, Windows (7) asks for credentials for a privileged user, which is also correct. But the installer then creates the icons on the privileged users desktop, and not on current users.
So, how can I tell NSIS, that it should create desktop icons for the current user if she has no admin privileges?
FYI, if I omit both RequestExecutionLevel and SetShellVarContext, I am also prompted for administrative rights but the installer creates icons on the current user desktop as well as for the admin user. I think this is some kind of compatibility behavior.
You are not really supposed to do this (because of this exact issue) and you are basically asking how to create a installer that is broken by design. This is not a NSIS specific problem and not even UAC specific, it has existed since runas was added in Win2000! When you elevate with runas/UAC the new process is executed as that user and with their HKCU and shell folders...
If you need "RequestExecutionLevel admin" in your script then you are doing machine level things and should therefore call "SetShellVarContext all" and install the files in $ProgramFiles and write the uninstall registration under HKLM. This is true for any version of NT, not just Vista+/UAC. (Most people forget to test as non-admin on NT4 and NT5)
If creating shortcuts for all users is such a big problem then I suggest you enable the "Don't create shortcuts" checkbox on the startmenu page so the user can decide.
If you still want to force broken behavior then you need to use this plugin. (You should be able to find plenty of topics about this plugin on the NSIS forum)
I installed my application in Windows 7 and as part of the installation, it installs some text files. Now, if I open the text file in notepad and try to save it, I get an "Access denied" error. I'm logged in as administrator on the machine and the file is not marked read only and security permissions seem to be fine.
However, I could delete or rename the file without any problem and I could create a new file with the same name/location using notepad and the save works fine.
I understand it has something to do with UAC. I'm wondering what UAC does in order to block access to the file. Our application is not installed in Program files folder as I believe UAC restrict any changes to files in Program Files folder
Can anyone throw light on what is going on.
regards
G
With UAC, just because you're logged in as a user with administrator privileges does not mean a program actually runs with them. The program has to either request privilege elevation (which gives the "Do you want to allow this program to _____" UAC pop-up) or explicitly be run as administrator (right-click on the program/shortcut and choose Run as Administrator).
By default most areas of the drive outside of the standard "user files" (a.k.a. My Documents & co.) are restricted to administrator-only access, but the folder permissions can be changed to add access for a particular user if desired.
You will find that saving files almost anywhere except the "my documents" area for the user will be restricted, this includes saving to other drives on the system etc.
If you check the permissions for the directory you are trying to write to, all you have to do is expressely give the user permission. Otherwise only the admins have permission, which requires UAC approval from the user to get the admin token.
You normally get "Access Denied" error when the file is in use. UAC could not be an issue here. Check out if the file is in use by anyother process.
You can use tools like Process Explorer from sysinternals to do that.
You have to right click the file and select properties. THen open the security tab and you can see different accounts with differet privelages. Click USERS and it should highlight. The box under it should have a bunch of check marks that indicate what this user can do. Click Full Control. Apply and Okay. Then you can save!!!