I have a software that do read and append a txt file that is located on the C:\ drive. It works perfect on Windows XP environment when a normal user in users group (not administrators) login and run the software.
However when using Windows 7 and login as a normal user in users group, I'm getting access denied even though I have modified the security of the text file to full access for that user and users group.
I have also change the ownership of the file to the users group and to the user itself.
If I change the path to the D:\ drive, there is no issue at all, but I need this to work on the C:\ drive.
I even tried changing ownership of the C:\ drive and adding write permissions as well and it didn't work.
I can't put the user into administrators group.
Thank you for your input.
Try opening the software as administrator and then open the txt file through the software. BTW where is it exactly located the txt file? (Sorry I cant comment , I havent 50 rep)
Related
Apologies if this is a really simple question...
We have a .NET application that is installed by an administrator, and then run by multiple staff on the same computer with their own login credentials (normal user - non-admin).
Application uses MSI installer and is installed to Program Files folder.
The application needs to have some settings about attached devices to the computer saved as preferences so when a user opens the app these settings are set and the user is not asked for preferences each time. These preferences should not be set per user, rather per computer.
However if user A changes one of these settings on the computer, then when user B logs in they should see the changed setting from user A.
Hence the settings need to be per computer, not per user.
Where in windows 7,8,10 etc. can an application save data that is computer specific not user specific, yet allow users without admin rights to change that data?
We have looked at system temp folder but the computers have GPO policy to regularly remove temp folder content.
Any other ideas?
It takes administrator rights to change the permissions on a registry key inside HKLM, but once that's done, anyone in the group given permission can make modifications.
Obviously don't change permissions on any of the standard keys (e.g. HKLM\Software or HKLM\Classes) but in your own application area (HKLM\Software\YouCorp\YouApp\Attached Devices) it's perfectly fine to adjust permissions the way you like.
You'll just have to include "grant write permission on HKLM\Software\YouCorp\YouApp\Attached Devices to the group Users" as one of the actions of your installer.
If you are allergic to the registry, you can do the same with a subdirectory of your application install (e.g. %ProgramFiles%\YouCorp\YouApp\Device Settings)
Given you are using a .Net application, you could store the information in the app.config file associated with the application.
I have the following script which is setup as a task to automatically move a file to a mapped network drive. The problem is that this only works when a user is logged in and has an active Windows session open. However, if the user is logged off these backups wont happen as I believe it cannot find the network drive. This is running on a Windows 2003 Server. Is there anyway to alter the script to make sure it can connect to the networked drive while no active sessions are open?
The process I am using is to move the file, then delete the file to clear up hard-drive space, then a .exe is run to empty the recycling bin.
#echo off
move C:\StarshipBackup\*.* Z:\StarshipDataBackup
del C:\StarshipBackup\*.* /F /Q
C:\emptyrecycle.exe
You can mount the drive in the batch file. Add this before your move command:
net use z: \\yourserver\sharename
Of course, you need to make sure that the account the batch file runs under has permission to access the share. If you are doing this by using a Scheduled Task, you can choose the account by selecting the task, then:
right click Properties
click on General tab change account under
"When running the task, use the following user account:"
That's on Windows 7, it might be slightly different on different versions of Windows.
I have an addin program that works with MS Word (version 2007). It is located in the C:\Program Files location. I installed Windows 7 and then went to make a routine change to my files in this location and it would only bring up a read only file. How can I grant myself permission to write to my own program? I cannot change this location or use any other workaround. I have this product out to 25 different companies and I can't change the programming to work from any other location. Thanks
You could also embed a manifest in your EXE that makes your program require adminrights on Windows 7 / Vista.
On Windows Vista, UAC means that users run without admin rights and don't have write access to the program files directories.
The correct solution is to write to a folder for which standard users do have write permissions.
The solution you are looking for is to make your app's folder within program files writeable to all users. You can do this by adding a DACL when installing. It is extremely bad practice to allow standard users to write inside the program files directory and I urge you instead to re-code your app so that it does not need to write there.
Assuming you're doing this as part of modifying the config (and not when your application is running for regular users)...
Your user account probably doesn't have the correct permissions to write/modify the file. Assuming your account is an administrator account, right-click the file, select "Properties". Click the "Security" tab. Click edit and give your user account Full Control.
If you can't do this, it's probably because the ownership of the file doesn't allow you. If this is the case, click on "Advanced", go to the "Owner" tab, and click "Edit".
However, if it needs these permissions when it's running, you should instead be using the %AppData% folder.
I have a file on a Windows 2003 NTFS file system. It is called C:\MyFolder\MyFile.txt. First grant a user read access to the file. Then I remove the user's read access to the parent folder.
Now the user cannot use Windows Explorer to browse the folder and double click to open in Notepad. The user can go to Start (menu) Run and enter "C:\MyFolder\MyFile.txt" and the file will load in Notepad.
Can someone point me to some MSDN documentation that explains why this is? I've tried all the google and bing queries I can think of.
thanks much
See the 'Traverse Folder' permission in the table on this page:
http://technet.microsoft.com/en-us/library/cc787794(WS.10).aspx
It sounds more like a TechNet article than an MSDN one to me.
If you think about a directory/folder as not a file cabinet folder but rather a index card stuck to the front of the cabinet to say what is in the cabinet. This is effectively what a folder is on the file system (a index to where the files are.)
Because you have denied the user rights to what is in the folder you have denied them access to the index card. However, if they know the precise file they want then they can still access to the file which they have permissions for as this doesn't require a check on the index card.
Behind the scenes it is obviously a little more complicated but that is the basic view. I saw this technique used quite a bit on the *nix environments when I was at Uni to hide previous years assignments from the current batch of students. However, because they hadn't removed permissions from some files the tutors could still direct them to specific examples from previous years.
I installed my application in Windows 7 and as part of the installation, it installs some text files. Now, if I open the text file in notepad and try to save it, I get an "Access denied" error. I'm logged in as administrator on the machine and the file is not marked read only and security permissions seem to be fine.
However, I could delete or rename the file without any problem and I could create a new file with the same name/location using notepad and the save works fine.
I understand it has something to do with UAC. I'm wondering what UAC does in order to block access to the file. Our application is not installed in Program files folder as I believe UAC restrict any changes to files in Program Files folder
Can anyone throw light on what is going on.
regards
G
With UAC, just because you're logged in as a user with administrator privileges does not mean a program actually runs with them. The program has to either request privilege elevation (which gives the "Do you want to allow this program to _____" UAC pop-up) or explicitly be run as administrator (right-click on the program/shortcut and choose Run as Administrator).
By default most areas of the drive outside of the standard "user files" (a.k.a. My Documents & co.) are restricted to administrator-only access, but the folder permissions can be changed to add access for a particular user if desired.
You will find that saving files almost anywhere except the "my documents" area for the user will be restricted, this includes saving to other drives on the system etc.
If you check the permissions for the directory you are trying to write to, all you have to do is expressely give the user permission. Otherwise only the admins have permission, which requires UAC approval from the user to get the admin token.
You normally get "Access Denied" error when the file is in use. UAC could not be an issue here. Check out if the file is in use by anyother process.
You can use tools like Process Explorer from sysinternals to do that.
You have to right click the file and select properties. THen open the security tab and you can see different accounts with differet privelages. Click USERS and it should highlight. The box under it should have a bunch of check marks that indicate what this user can do. Click Full Control. Apply and Okay. Then you can save!!!