I need to create a temporary folder that will be accessed from the application only.
It means that even current user and system administrator are not able to open it from the Explorer.
While application is running, there'll be some files put into it. Once it's terminated, folder and all its content are deleted (again programmatically, no manual delete ability).
P.S. I found few posts here but there are no proper solution given yet.
Thanks in advance.
Windows security does not work that way. You cannot restrict access by application, only by user. If you want only your app to have access to a given resource then you have to create a new user account, configure the resource to grant access to only that user, and then run your app using that user, or at least have your app impersonate that user when needed. Files/folders are securable objects, and Windows security is based on user accounts.
Related
I want to implement Azure File share for my network, but I can't find any possibility to set up user specific access permissions. There are some pre-built groups, which are for no use in this scenario, but I found a MS page recommending using Windows ACLs, but how can I proceed with setting user specific permissions, when I want to assign different permissions to different folders/files to different users, who are part of the same Administrator group in AD?
Problem solved! You just need to remove permissions inheritance and remove all inherited security groups/users permissions and add your own users or custom defined groups.
I'm trying to install the Greenshot.ini in %appdata% of every user that have been created or will be created. So that the user do not have specify which language to use on first login for all users.
Currently manually copying the ini to existing users before the program start works. I don't know how to copy to new users or users with non-generated home folders. How can this be done on a non-domain desktop and a domain desktop. The non-domain is more important and preferred.
I have been doing some basic application access and privilege management.
And to fully understand the access permissions of UWP applications, I decided to create one on my own and check.
As given in MSDN, the app was able to access the files mentioned here.
Now, I know that UWPs run in a sandboxed environment and they aren't given full access to all files in the system.
But is there any way for the admin user to grant the application rights to access files in the drive, for instance, the system32 file or a random text file that the user saved in C drive?
Yes, your app can declare the "broadFileSystemAccess" capability and then it can access all files in the system that the user has access to, given the user provides consent to this capability.
See documentation here:
https://learn.microsoft.com/en-us/windows/uwp/files/file-access-permissions
I have a computer that is used for getting database information from the server in the same domain, and this computer is used by employees who don't have the server admin information.
When the computer restarts, I'd like it to automatically log in to Windows Server so that it can access the database files. Is it possible to write a script for this that runs on boot?
Thanks in advance
I solved this by adding the credentials to the Credentials Manager in Windows, along with disabling the Windows Server dashboard program. This makes Windows automatically log in to the server with the stored credentials on boot.
Since your question really isn't specific, I'd like to suggest two ways of accomplishing your goal.
Since you'd like to access database information, why not use some kind of database management software (like SSMS if you're using MSSQL) and set up proper permissions for the user/computer that will need to obtain information from that particular server/database.
If you need access to raw files (which doesn't make much sense in case of MSSQL for accessing purposes), why not set up proper permissions on the file or parent folder, giving the user that is logged to the client PC proper permissions to access the files that are of interest.
I am using perl on a windows 2003 server with IIS6. I have written a script that needs to access confidential files uploaded by the user. The files are stored in a folder in the cgi-bin. However, I do not want the files to be accessible via weblink. So, I have 'read access' for this particular folder disabled in IIS.
The files are not accessible via weblink, but I need for the user to be able to open the documents that he/she uploaded.
The users logins (usernames and passwords) are stored in the cgi-bin in a csv file.
I've searched the database but couldn't find anything exactly matching this situation.
Any ideas would be greatly appreciated!
Unless I've misunderstood your question, you're trying to limit user access at the application level, not the service level.
If you want users of your web app to be able to access files that they uploaded then your authorization check needs to be done in the application, as opposed to at the edge (by web server).
So every uploaded file is tagged with it's owner (a database record, or a per-owner directory) and access to files is restricted by a small bit of code that checks the authenticated user against the file owner.
The directory in which the files live is readable and writable by the web server user, as that's the user the perl will run as, but it is not configured into IIS as availble for regular HTTP GET access.
It is neither under the HTML document root, nor under the CGI-BIN directory. It is a completely separate directory.