Somehow able to write to ProgramData with UAC enabled in Windows 8 - windows

Based on the assumption that standard users can't write directly to ProgramData on Vista and later, I'm creating a directory inside it and giving all users full control of that for my program's use. It works fine, but during testing I tried to run some test code as Guest (which is supposed to be restricted) and it successfully created the directory and granted the intended rights. I wasn't expecting that to work, when I've seen so many stories of that kind of thing not working. The same thing happens if I create a standard user account and run the program from there.
Has anyone else seen that behavior? It's not being virtualized, and it appears that the UAC awareness tweak to the program's manifest (I'm using VS2005 here) is working because I get errors when I try to write to System32 instead of a file in VirtualStore.
I would just let it go and count my blessings, but this software won't just be running on my machine and I'd like to make sure it'll work in other environments.

Users are able to write to the ProgramData folder, because rights to create files and folders are granted to Users by default:
The same is true on Windows 7. Likely also true on Windows Vista.

The default permissions allow non-admin users to create directories in ProgramData, so the observed behaviour is as-expected.

Related

win7: setting user group to have elevated privileges to access files fails to allow application to access

I'm a programmer not an admin. I significantly modified an old program written in 1997 to run under Windows XP ~7 years ago. At that time, I rewrote in VC++ 2005. The local production network has been updated to Win7. Program updated to VC++ 2010.
Problem: Program runs in new environment but only if user has admin privileges. Without, needed files cannot be accessed. Attempted Fix has been to give user group access to the needed files. Users can access the files "by hand" but program still fails.
Is there a way to give the application admin privileges so that it can access the files?
Not acceptable is allowing users to run as admin. We have to operate under DoD constraints. Is there something I as the guy working on the application can do? If not, what is the solution?
Recap: problem was a large number of scratch files which, in the original application, were being written to the C:\ root directory. The solution was to use "getenv_s" to obtain the user's directory via an environment variable. The pathname was modified such that the string returned from "getenv_s" was concatenated with the scratch file name. Laborious but problem solved.
The huge difference between XP and Windows 7 is the access system (user access control entered with Vista and was further refined in 7). In theory you could run the application as an admin user, or provide a service that would access the necessary system components and files as an admin user. But there isn't a way of giving an application itself extra permissions.
Your other option is to find out what specifically is causing the problem and correct that in your application. Chances are this is a system file or the like.

How to update a program (exe) from internet using win32

I've written a Win32 program that at regular intervals retrieves content from a dedicated server on the internet.
Sometimes the Win32 program itself needs to be updated. What I do is exit the said program and run a download-program which replaces the main exe I need to uopdate. This works for users running in Administrator mode but not other mode that has sufficent rights for most tasks. The program runs on it own directory which is not under "c:\Windows\program files\".
I've set a manifest file to no avail.
Is there a workable workaround solution for this (any)?
For security reasons you cannot place files in Program Files without admin rights. If you would be able to this you could in theory change Windows files and place malware as well.
Same goes for Linux and OSX systems.
However you could prompt the user for an Administrator password and gain the admin rights in that way.
You need your updater program to have admin rights. You achieve that by adding the requireAdministrator option in the requestedExecutionLevel section of the application manifest. You said that you have tried this to no avail. Well, you must have got something wrong because this is the solution. You just need to persevere until you get the manifest correct.
I presume that when you say that the [program is not under the Program Files directory you refer to the updater. If the program being updated is not under the Program Files directory then there would seem to be no obvious reason that the updater needs admin rights. If that is so then you need to investigate further.

How to prevent file redirection to VirtualStore for read/write files?

I am using C# with .net 2.0
I am saving my program data in a file under: C:\ProgramData\MyProgramName\fileName.xml
After installing and running my application one time I uninstalled it (during uninstallation I'm removing all the files from "program data") and then I reinstall the application, and ran it.
The strange thing is that my application started as if the files in program data existed - means, I had old data in my app even though the data file was deleted.
When running:
File.Exists("C:\ProgramData\MyProgramName\fileName.xml")
I got "true" even though I knew for sure that the file does not exist.
The thing became stranger when I ran the application as admin and then the file didn't exist.
After a research, I found out that when running my application with no admin privileges instead of getting:
C:\ProgramData\MyProgramName\fileName.xml
I get
C:\Users\userName\AppData\Local\VirtualStore\ProgramData\MyProgramName\fileName.xml
and indeed there was a file that existed from the previous installation (that I obviously didn't delete, because I didn't know it existed).
So just guide me how could I stop this when apps running with no admin right.
I do not want to create any file automatically in VirtualStore folder. Please discuss all the possible ways to stop this.
First, ask yourself, do this need to be globally saved for all users?
If it doesn't have to be, save the file in Application Data instead, you can get the path with Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), it should always reliably expand to C:\Users\Username\AppData\Roaming\. Do note that this path is unique for each user though.
If you have to, you're out of luck. There is no reliable way to store application data for all users without admin rights (or UAC) on any Windows post-XP that's not extremely hacky, like storing your data in the Public user (which may or may not be possible, I can't check right now).
An approach to solving this is to use the Environment.SpecialFolder.CommonApplicationData location, but with some very important caveats & setup.
CommonApplicationData is
The directory that serves as a common repository for
application-specific data that is used by all users.
This location is described further here and here.
Important requirements and restrictions are given in another SO answer: https://stackoverflow.com/a/22107884/3195477
which said in part:
The recommended solution is for your installer to create a sub
directory of C:\ProgramData for your shared storage. And that sub
directory must be given a permissive ACL by the installation program.
That is what grants the desired access to all standard users.
Otherwise the program running with standard user permission will still not be all equally able to read/write files in that location for all users.
I found a work around for this issue when transferring a very old win32 app to windows 7 & 10. The program wrote to a database on C:\Program Files... but the OS auto changed the path to virtual store. However the database was required globally. By changing compatablilty mode to Windows 95 or XP SP2 and always running as administrator the database was worked on directly in C:\Program Files\etc.
There are security implications for this and the box was removed from all networks and adapters disabled etc.

Change integrity level of System32 folder in Vista

I have been unsuccessful getting a Java WebStart application that should have AllPermissions to write a file to Windows/System32 on Vista or Windows 7. While I don't believe this is possible, perhaps there is a way to lower the integrity level of this folder to Medium?
I am getting desperate and am not above insane registry hacks to make this happen. We have a production app that runs fine on Windows XP however a new prospective client is unbending in their determination to ONLY maintain Windows 7 or Vista workstations.
I appreciate any help or suggestions and would especially love to hear from anybody if this is impossible. Please no comments on how insecure and dangerous this can be, I am aware of the risks.
The proper solution is to have the required DLLs placed in the system32 folder from your installer.
Your MSI installer will know how to prompt the user to elevate to administrator, so you then have permission to add your files to the users System32 folder.
You will not be able to modify files in the users's System32 without them being (or elevating to) an administrator; that's a fundamental constraint of the secure operating system.
First of all, as the author of CHML -- the app you mentioned -- it's unfortunately not a great idea to lower the integrity of the Windows folder (as you've seen).
That said, there IS a way to get things back the way you want -- several, actually, but the easiest way is to
1) Create a bootable WinPE CD or USB stick
2) add my chml.exe executable
3) Boot your system
And at that point you could use chml to re-raise the integrity level. It works because under WinPE you ARE running as System, and can raise your IL. (The docs (ahem) DO mention this. :-)
I figured out how to do this for Vista but am really unnerved by what I have done.
There is a free program out there that you can download that will give you the ability to change the integrity level of a folder. http://www.minasi.com/apps/
Using this program however from the commandline will give you Access Denied when attempting to change System32 to Medium integrity. This is because the Administrator does not have explicit rights to this directory.
This is where it gets really scary, to give yourself Full Control on System32 you have to make Administrator the Owner of that directory. The current owner is TrustedInstaller originally.
So, I changed the Owner of System32 to Administrator, Gave Administrator FullControl, then used chml from an Adminstrator command prompt to give System32 Medium integrity.
I now wonder what the consequences could be of System32 having a different Owner, however if Vista allows you to do this out of the box then it can't be that bad. Right???

How to pass security issues in Vista?

I have a vb6 application. I am unable to carry out the following on a Windows Vista machine:
Register a .DLL from the Users directory
Start another .EXE
Write to a file in the Users directory.
How can I overcome these issues?
This is by design. Software is supposed to require admin rights for installation (including update/upgrades). You got away with it in XP because so many people ran as administrator. If you're registering a dll after installation, you're doing something wrong.
You should be able to do this without issue, but only with the same rights as the user that the current app is running under. What is this exe trying to do, and would a standard user normally have those permissions?
What specific folder in the user's directory? Again: a user should have write access to most of the their own profile, but not necessarily as much outside of that as you think.
You have access to write to the c:\users\ directory. Going to another users directory is a bit of a security problem that you're not going to work around.
As far as registering an assembly from a users directory... There is a directory under c:\users\\AppData\Local\assembly which you should have access to for temporary assemblies
Starting another exe is trivial... As long as it's installed in the normal \program files.. path.
It really sounds like maybe you need to reevaluate how your application works.
Some suggestions:
Move to Reg-Free COM where it can handle things (i.e. not for ActiveX EXEs, DCOM).
We'd need more information. This should be no problem unless there are permissions issues.
Users are not supposed to be creating files outside of their own profiles, CommonAppData, and application-defined locations (often on non-system drives). More information is required to give any really useful answer.

Resources