Win32 API for Deleting User Profile? - winapi

One way of deleting the user profile is to delete the user from the ProfilesList registry key and to delete the user folder from the users directory.
On Windows 8 though this does not seem sufficient. There seems to be some data that is present in HKLM related to the user too. One such example is HKLM\Software\Microsoft\Windows\CurrentVersion\Appx\'UserSid'.
Hence I'm looking for an API (Win32 SDK) that would delete all the filesystem and registry entries related to the User Profile?

Related

Obtaining shared drive creator through Google Drive API

I need to find out the creator of all shared drives via the API with a service account but can't find a way to extract that info. I can get a list of all shares and can then get a list of the permissions related to each share but can't get the creator.
Am I missing something or is it simply not possible?
Unlike files in Drive, content in shared Drives is owned by a group of users.
There is no such thing as the "creator" of a Shared Drive. And there is no "owner" role allowed either.
See the docs for the specific roles for shared Drives.
Update:
When shared drives are created the API assigns the role of "organizer" to the creator. And then subsequent users or groups can be assigned the role of organizers too. I guess technically the creator is the first organizer to be assigned to the Drive. But there is no method to return the creator in Google Drive API at the moment.

Prevent user from changing permissions of a directory created by your Cocoa app

We are looking to prevent users from accessing a directory we create from our non-sandboxed app via:
FileManager.createDirectory(atPath:withIntermediateDirectories:attributes:) //where path is ~/Library/Application Support/our.bundle.identifier/ourdir
To do this, we have set no permissions for this directory, thus ensuring they cannot open it via:
fileManager.setAttributes([.posixPermissions: 00000], ofItemAtPath: path) //no permissions
However, users can simply right click it, choose Get Info, and change it from No Access for everyone to Read & Write to gain access.
But this isn't the case for other directories I have found. For example, Desktop located at /Users/Guest/ (or any other user account you’re not logged into) also has No Access for everyone, and when you try to change it you’ll get an error:
The operation can’t be completed because you don’t have the necessary permission.
Another difference I see is the Locked checkbox is disabled for that directory, but enabled for the directory our app created.
This is exactly what we need for a directory created by our app. How can we ensure the user does not have permission to change permissions of this directory?
The reason certain folders can't be accessed is because they're owned by a different user, and the logged-in user doesn't have permissions. But neither will your app, given it's running under the user's account. Admin users (of which the default macOS account is one) can always change folder ownership and permissions, so you're not going to prevent a folder from ever being accessed.
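
The point made in the answer above, as an added shell example that is not part of the original post: a directory set to mode 000 can be reopened by the user who owns it, because chmod is authorized by ownership rather than by the current mode bits. The directory and file names are constructed for the demo.

```sh
#!/bin/sh
# Added example: POSIX mode bits do not stop the owning user from changing them.
# The directory and file names below are constructed for this demo.

# Print the 10-character permission string (e.g. "d---------") of a path.
# ls -ld is used instead of stat because stat's flags differ on macOS and Linux.
mode_of() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10) }'
}

# Lock a directory to mode 000, then show that its owner can undo it.
# Prints three space-separated fields: locked mode, restored mode, file content.
owner_can_unlock() {
    base=$(mktemp -d) || return 1
    dir="$base/ourdir"
    mkdir "$dir" || return 1
    printf 'secret' > "$dir/data.txt"

    chmod 000 "$dir"                 # same effect as posixPermissions 0
    locked=$(mode_of "$dir")

    # chmod checks who owns the directory (or whether the caller is root),
    # not the current mode bits, so the same user simply grants access back.
    chmod 700 "$dir" || return 1
    restored=$(mode_of "$dir")
    content=$(cat "$dir/data.txt")

    rm -rf "$base"
    printf '%s %s %s\n' "$locked" "$restored" "$content"
}

owner_can_unlock
```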

How to check if an application is part of a keychain entry's ACL?

I'm new to Mac development and the keychain concepts. I wish to obtain some clarity on the topics, but I do have a specific question.
I have an app that is privately distributed, not through the app store. My signing certificate changed earlier, so now we have an old app and a new app. They have the same bundle id and filesystem path, but the new app gives a prompt when trying to access keychain entries created by the old app. I need to run this remotely so prompts are not acceptable.
I realised after some research that editing the ACL for the old keychain entries is not possible without giving a prompt, so I've instead decided to delete those keychain entries if and only if the new app does not have access to them. This has to be determined by the installer, which is a third app unrelated to the old or new app.
How do I check if a given application is in a keychain entry's access control list?
Here is the approach I tried: I used SecACLCopyContents on the SecKeychainItemRef to get the array of SecTrustedApplicationRefs.
I then used SecTrustedApplicationCreateFromPath to get a SecTrustedApplicationRef for the new app.
I then iterated over the array of SecTrustedApplicationRef and compared their results of SecTrustedApplicationCopyData to check if any app matches the one I created from the path.
However, I get a match for any two apps as long as they have the same filesystem path, even if they have completely different content. I have probably misunderstood the purpose of SecTrustedApplicationRef and SecTrustedApplicationCopyData.
TL;DR
What is the correct approach to check if some application has access to a keychain entry made long ago? Given that we cannot assume that bundle id and filesystem path are unique identifiers for the contents of the app.
Bonus question: What does security actually compare to determine if an app has permission to access a keychain entry?

Regarding Sharing and Updating Shared Folders on Skydrive (Programmatically)

I have a query regarding accessing Skydrive folders programmatically through the Live SDK on Windows Phone.
So the scenario I have at hand is that a Windows Phone app that I have built creates folders (and files) on your Skydrive. Now I want the following functionality, which I haven’t been able to achieve till now.
Is it possible that I can programmatically share my folder and files with View (and/or edit) permissions to my friends (as I know their user ID)?
If I am able to share such a folder can I access the content after logging in (with my live ID) from my phone. By accessing I mean download or stream content.
If in step 1, a person to whom the file is shared is provided edit permissions how can I programmatically edit such a file? The current problem I am facing in this step is that to update a shared folder the live sdk requests a wl.contacts_skydrive_update scope, but while logging in I am notified that no such scope exists.
This is the Error message I get when I try to get a shared_edit_link:
request_token_unauthorized: Microsoft.Live.LiveConnectException: The
provided access token does not have access to this resource. An access
token with one of the following scopes is required:
'wl.contacts_skydrive_update'.
Although the user does have edit permissions. Note: Such a scope doesn't exist.
There is a thread on this where it was listed as a bug in the beta. They said that now it should be fixed and you should only need this scope: 'wl.contacts_skydrive'.
Here is the thread.

Strange folder creation in windows

I need some help in understanding a problem. Here is the scenario. We have a Windows domain controller machine and several machines in that domain. (Everything in Windows 2008). In one of the machines in that domain (machine name AlphaSiter) our own custom Java-based product is installed. To log on into our product, you have to provide a user/password combo which is validated against the Active Directory. Now here is the scenario.
Log into the domain controller and create a user (say David) in the Active Directory and set the “User must change password in next login” option.
Go to the machine called AlphaSiter where our custom product is installed and try to login to our product with the newly created user credentials and then change password successfully.
The side effect is that in the AlphaSiter machine in C:\Users the user folder is created, that is c:\Users\David. Also this folder is only created if at the time of user creation the “User must change password in next login” option is set. This user folder is not created if the option is unchecked. We are not creating the folder programmatically from our code. So I am wondering how this folder is getting created. Is it something that Windows does internally?
Any help on this would be appreciated as I have to give an explanation to our customer :)
The user's profile folder is always created when there is some profile information that needs to be stored. It may be some registry settings in HKCU hive.
You can use RegMon to track registry activity.
