My app needs to write (and move) files to a folder from a non-admin user, and that user has no permission to use that folder.
I tried changing the permissions for the folder but it doesn't appear to have an effect.
Are there built-in restrictions from allowing me to do that?
What I do is write to Documents and then attempt to move file to final folder, which fails...
Thanks for any answers!
Here is the code:
Dim t as TextOutputStream
Dim tempfile as FolderItem = SpecialFolder.Documents.Child(filePath.Name)
t = tempfile.CreateTextFile
t.Write fileData
t.close
Dim p as New Permissions( 0 )
p.OthersExecute = True
p.OthersWrite = True
p.OthersRead = True
filePath.Parent.Permissions = p
tempfile.MoveFileTo filePath.Parent
The OS is designed to STOP this sort of thing as it's a huge security hole otherwise
You could use one of the functions in the Monkeybread Software plugin, AuthorizationMBS, to allow authorization, assuming the user can elevate the security level. In a class of mine that has to get into a System location, I have this:
Protected Function mbsAuthorize() As boolean
dim a as AuthorizationMBS
dim s(2) as String
if mbsAuthorized then
mbsForm = mbsAuth.ExternalForm
Return true
else
a = New AuthorizationMBS
If a.NewAuthorization(nil, a.kAuthorizationFlagPreAuthorize) Then
a.SimpleAuthorize
if a.Authorized then
mbsAuth=a // save so the externalform doesn't get invalid
mbsForm=a.ExternalForm // copy to string for later use.
Return true
end if
else
break
End if
end
return false
End Function
The class has these properties:
mbsForm as string
mbsAuth as AuthorizationMBS
Related
I have xlsm file which I need to edit. However, macros there block my script from editing. My code is following:
xlsm_file_name = "webADI_template_Bankbuchungen_GL.xlsm"
'opening xlsm file and setting readonly to false
set xlobj = createobject("Excel.Application")
set excel_file = xlobj.workbooks.open("C:\Users\oleynikov nikolay\Desktop\VBS Automation Scripts\processed_data\Excel Datei\"&xlsm_file_name, readonly=false)
'making changes invisible for the user
excel_file.application.enableevents = false
xlobj.Visible = false
'defining the sheet where we will be inserting our data into
set excel_sheet = excel_file.worksheets(1)
excel_sheet.cells(13,4).value = "EUR"
excel_file.application.enableevents = TRUE
xlobj.DisplayAlerts = FALSE
excel_file.save
At the end of the day, no values are added. This happens because double clicking on the cell runs the macro. I need to disable this macro, insert necessary values and then enable the macros again.
Is there a possibility to do it?
Thank you.
Try this (it seems it should work):
Returns or sets an MsoAutomationSecurity constant that represents the security mode that Microsoft Excel uses when programmatically opening files. Read/write.
MsoAutomationSecurity can be one of these MsoAutomationSecurity constants:
msoAutomationSecurityByUI. Uses the security setting specified in the Security dialog box.
msoAutomationSecurityForceDisable. Disables all macros in all files opened programmatically without showing any security alerts.
VB
Sub Security()
Dim secAutomation As MsoAutomationSecurity
secAutomation = Application.AutomationSecurity
Application.AutomationSecurity = msoAutomationSecurityForceDisable
Application.FileDialog(msoFileDialogOpen).Show
Application.AutomationSecurity = secAutomation
End Sub
https://learn.microsoft.com/en-us/office/vba/api/excel.application.automationsecurity
I am trying to do a find and replace operation on several Word documents in a folder. I wrote the following VBScript to do that:
Option Explicit
Dim Word, Document, FolderPath, FileSystem, FileList, File, Doc, InfoString
Const ReadOnly = 1
Const wdFindContinue = 1
Const wdReplaceAll = 2
Const wdOriginalDocumentFormat = 1
Set FileSystem = CreateObject("Scripting.FileSystemObject")
FolderPath = FileSystem.GetAbsolutePathName(".")
Set FileList = FileSystem.GetFolder(FolderPath).files
Set Word = CreateObject("Word.Application")
Word.Visible = False
Word.DisplayAlerts = False
For Each File in FileList
If LCase(Right(File.Name,3)) = "doc" Or LCase(Right(File.Name,4)) = "docx" Then
If File.Attributes And ReadOnly Then
File.Attributes = File.Attributes - ReadOnly
End If
Set Doc = Word.Documents.Open(File.Path,,True)
' find and replace stuff
End If
Next
Word.Documents.Save True, wdOriginalDocumentFormat
Word.Quit
MsgBox("Done")
Problem is, when it reaches the line Word.Documents.Save, a Save As dialog box always pops up. If I click Cancel, I get an error from Windows Script Host saying the file is write protected, even though it is not shown as write protected if I open the Properties dialog in File Explorer. If I click save, I am prompted to save all the other files too. What is the problem here?
I have a suspicion that it is caused by the Word documents being very old, like from the 1990s.
Set Doc = Word.Documents.Open(File.Path,,True)
and look at the docs from Object Browser.
Function Open(FileName, [ConfirmConversions], [ReadOnly], [AddToRecentFiles], [PasswordDocument], [PasswordTemplate], [Revert], [WritePasswordDocument], [WritePasswordTemplate], [Format], [Encoding], [Visible], [OpenAndRepair], [DocumentDirection], [NoEncodingDialog]) As Document
Member of Word.Documents
So the True says to open Read Only. This is Word's read only, nothing to do with the file.
I'm trying to run an integration test on my class to make sure an event i expect to be raised is raised:
'integration test not unit test
<TestMethod()>
Public Sub Change_Network_File_Causes_Event_To_Be_Raised()
Dim EventCalled As Boolean
Dim deployChk = New TRSDeploymentCheck("foo")
deployChk._localFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameLocalGUIDFile.txt")
AddHandler deployChk.DeploymentNeeded, Sub() EventCalled = True
deployChk.NetworkFileLocation = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameNetGUIDFile.txt")
ChangeNetworkFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameNetGUIDFile.txt"))
Assert.IsTrue(EventCalled)
End Sub
Here is how i setup the FileSystemWatcher Object in my class:
Friend Property NetworkFileLocation As String
Set(value As String)
_netFileLoc = value
If File.Exists(value) Then
_watcher = New FileSystemWatcher(value.Replace(Path.GetFileName(value), String.Empty))
_watcher.EnableRaisingEvents = True
AddHandler _watcher.Changed, AddressOf OnNetworkFileChanged
End If
End Set
Get
Return _netFileLoc
End Get
End Property
Private Sub OnNetworkFileChanged(source As Object, e As FileSystemEventArgs)
If IsDeploymentNeeded() Then RaiseEvent DeploymentNeeded()
End Sub
I put a breakpoint in the OneNetworkFileChange sub. The breakpoint is never hit. I have verified the file is actually being changed in ChangeNetworkFile I even copied the code (except for hard coding the path) and copied it into a windows app which i ran during my unit test. It worked in my windows app. What am i missing here?
Finally figured it out after some testing. Well the reason EventCalled is never true above is because the "windows message pump" for the test is blocked. The event will be fired but only after the test completes (which of course is to late). So how do you fix it? Its kind of messy and i don't like it but i referenced System.Windows.Forms.dll & called Application.DoEvents()
'integration test not unit test
<TestMethod()>
Public Sub Change_Network_File_Causes_Event_To_Be_Raised()
Dim EventCalled As Boolean
Dim deployChk = New TRSDeploymentCheck("foo")
deployChk._localFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameLocalGUIDFile.txt")
AddHandler deployChk.DeploymentNeeded, Sub() EventCalled = True
deployChk.NetworkFileLocation = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameNetGUIDFile.txt")
ChangeNetworkFile(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TestFiles\SameNetGUIDFile.txt"))
Application.DoEvents()
Assert.IsTrue(EventCalled)
End Sub
Until some tells me a better way this appears to be the solution.
Probably its the filter (string.Empty) which apparently only looks at files without an extension (that's an assumption).
Try "*.*" or something like this:
_watcher = New FileSystemWatcher(value.Replace(Path.GetFileName(value), string.Concat("*.", Path.GetExtension(value))))
I think my question is quite simple, but I can't find a solution.
I want to create a file in a folder that's located near the application file (MacOS).
To create a new folder:
dim fi as FolderItem = getFolderItem( "MyFolder" )
fi.CreateAsFolder
And now I need to get a FolderItem for the file inside this folder. How can I do it?
This will get you pretty close to what you want.
dim fi as FolderItem = getFolderItem( "MyFolder" )
if fi.exists = false then
fi.CreateAsFolder
end
dim fChild as folderitem = fi.child("someFile")
if fChild.exists = false then
//Do something like create it.
//Look at TextOutputStream or similar
else
//Already exists. Open it?
end
Solution (kinda):
Turns out this impersonation with .NET's security only allows application-level access. Since the COM object is at the system level, the impersonated user still cannot instantiate it. I figured this out by right-clicking the executable and selecting "Run As...", the program functioned fine. I found out that launches the program with system access (assuming the user you are running it with has those credentials). Now I am in the process of creating an external program that will launch this application using this method.
Thanks for the tips :D
I have a windows XP installation on a virtual machine. It is part of my domain, but the logged in user is a local user only. Obviously, if I try to access a network share it will prompt for a user/password:
The program I am testing out on the virtual machine uses a COM object to interface with data from another program. If I do not impersonate, I get errors because I do not have the proper credentials.
I did some research into the matter and found a number of websites that had a decent amount of VB.NET information. The problem I am having with the code I wrote is I can access the network resources, but I cannot instantiate the COM object.
If I fill and submit the credential prompt (above) before attempting to instantiate it, it works fine. That leads me to believe there must be something that the WinXP credential prompt is doing that I am not. Below is the code I am using for Impersonation:
Public Sub BeginImpersonation()
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Const LOGON32_LOGON_INTERACTIVE As Integer = 2
Const SecurityImpersonation As Integer = 2
Dim win32ErrorNumber As Integer
_tokenHandle = IntPtr.Zero
_dupeTokenHandle = IntPtr.Zero
If Not LogonUser(_username, _domainname, _password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, _tokenHandle) Then
win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
Throw New ImpersonationException(win32ErrorNumber, GetErrorMessage(win32ErrorNumber), _username, _domainname)
End If
If Not DuplicateToken(_tokenHandle, SecurityImpersonation, _dupeTokenHandle) Then
win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
CloseHandle(_tokenHandle)
Throw New ImpersonationException(win32ErrorNumber, "Unable to duplicate token!", _username, _domainname)
End If
Dim newId As New System.Security.Principal.WindowsIdentity(_dupeTokenHandle)
_impersonatedUser = newId.Impersonate()
_impersonating = True
End Sub
I have also tried sending different flags to the impersonator method, but nothing seems to be working. Here are the different flags I found:
Enum LOGON32_LOGON
INTERACTIVE = 2
NETWORK = 3
BATCH = 4
SERVICE = 5
UNLOCK = 7
NETWORK_CLEARTEXT = 8
NEW_CREDENTIALS = 9
End Enum
Enum LOGON32_PROVIDER
[DEFAULT] = 0
WINNT35 = 1
WINNT40 = 2
WINNT50 = 3
End Enum
Enum SECURITY_LEVEL
Anonymous = 0
Identification = 1
Impersonation = 2
Delegation = 3
End Enum
I have run into this before, and used two different soloution - the easiest was using a third party app: TqcRunas: http://www.quimeras.com/Products/products.asp which allows you to package the required creentials in an encrypted file. However is a pain if the password is forced to expire.
The other solution that I have used is to call a new process with alternative credentials:
Dim myProcessStartInfo As ProcessStartInfo = New ProcessStartInfo
With myProcessStartInfo
.FileName = "file path and name"
.Domain = "domainname"
.UserName = "username"
'password needs to be a SerureString
Using NewPassword As New Security.SecureString
With NewPassword
For Each c As Char In "password".ToCharArray
.AppendChar(c)
Next c
.MakeReadOnly()
End With
.Password = NewPassword.Copy
End Using
'UseShellExecute must be false for impersonated process
.UseShellExecute = False
End With
Using Process As New System.Diagnostics.Process
With Process
.StartInfo = myProcessStartInfo
.Start()
End With
End Using
With your definitions, I use
LogonUser(_username, _domainname, _password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, _tokenHandle)
in my code that is authenticating across the network. I am impersonating a local user on the remote box, as you are. It was so long ago that I don't remember the rationale for using these values, however.
I do a similar thing to map network drives for copying files between machines. I didn't write the code but it's pretty much the same as yours, except for two things:
After the Impersonate method returns I close both tokens using the CloseHandle routine, before I exit my impersonator method.
At the top of the impersonator the first thing that happens is a call to RevertToSelf, presumably to cancel any previous impersonation.
I don't know if they would make a difference but it's worth a try. Here are the relevant declarations:
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long