i am using Vista . I designed MSi file through Visual Studio 2008 Setup and deployment project in which I added one custom action. In the custom action, I am opening OpenFile dialog. This Open File dialog is not showing mapped drive or network locations. so how can i make the open file dialog to mapthe network drives.
This is a known problem with Vista User Account Control. When your installation program is started, the non-admin session of the user is elevated to an admin session. The problem is: Network drives mapped in the non-admin session of the user do not automatically carry over to the admin session.
Unfortunately, there is not much you can do about it. (You can start an elevated command prompt prior to starting your setup project and manually net use the drive letters there, but I guess that's not something you can expect your customers to do.)
Related question: Preserve mapped drive letter information during UAC elevation
Related
Apologies if this is a really simple question...
We have a .NET application that is installed by an administrator, and then run by multiple staff on the same computer with their own login credentials (normal user - non-admin).
Application uses MSI installer and is installed to Program Files folder.
The application needs to have some settings about attached devices to the computer saved as preferences so when a user opens the app these settings are set and the user is not asked for preferences each time. These preferences should not be set per user, rather per computer.
However if user A changes one of these settings on the computer, then when user B logs in they should see the changed setting from user A.
Hence the settings need to be per computer, not per user.
Where in windows 7,8,10 etc. can an application save data that is computer specific not user specific, yet allow users without admin rights to change that data?
We have looked at system temp folder but the computers have GPO policy to regularly remove temp folder content.
Any other ideas?
It takes administrator rights to change the permissions on a registry key inside HKLM, but once that's done, anyone in the group given permission can make modifications.
Obviously don't change permissions on any of the standard keys (e.g. HKLM\Software or HKLM\Classes) but in your own application area (HKLM\Software\YouCorp\YouApp\Attached Devices) it's perfectly fine to adjust permissions the way you like.
You'll just have to include "grant write permission on HKLM\Software\YouCorp\YouApp\Attached Devices to the group Users" as one of the actions of your installer.
If you are allergic to the registry, you can do the same with a subdirectory of your application install (e.g. %ProgramFiles%\YouCorp\YouApp\Device Settings)
Given you are using a .Net application, you could store the information in the app.config file associated with the application.
Small parts of my application require admin rights (activation of the software needs to go to HKLM). For this, I draw shield icons on the buttons whose action require admin rights and when clicking, I restart the application with an appropriate parameter again using "runas" verb.
This works very good! However, now it happens that users execute the application from a network share. If they click on the "admin rights button" now, they get an error message because the network drive is not mapped for the administrator, therefore the executeable can't be found :-(
What's the best way around this?
Mapped drives are stored with each logon session, so you don't have them after elevation.
You can extract the admin interface to another executable and mark it as requireAdministrator in the manifested. Then launch the admin executable via ShellExecute. Windows Explorer will copy the drive mapping in this case (undocumented behavior, though).
I have a VB6 application which links to several POS terminals from a Windows 7 32-bit machine. The POS terminals are mapped to the Windows 7 machine and I can access the POS terminals from the Windows 7 machine from Explorer or via the cmdline/shell.
The application has been updated to ADO 2.8 and all other controls and components I no longer had source code for have been re-written. After a few annoying hiccups, I got the application to recompile on the Windows 7 computer without errors.
Now come the problems. The VB6 application cannot see or navigate to any mapped drives! I have tried twiddling UAC settings; I have set the app to run in Windows XP SP3 mode; I have tried running as Administrator. None of these things (and many permutations of these) work.
Any suggestions on how to make this work?
Adding this registry setting solved the problem for me: http://technet.microsoft.com/en-us/library/ee844140%28v=ws.10%29.aspx.
To work around this problem, configure the EnableLinkedConnections
registry value. This value enables Windows Vista and Windows 7 to
share network connections between the filtered access token and the
full administrator access token for a member of the Administrators
group. After you configure this registry value, LSA checks whether
there is another access token that is associated with the current user
session if a network resource is mapped to an access token. If LSA
determines that there is a linked access token, it adds the network
share to the linked location. To configure the EnableLinkedConnections
registry value
Click Start, type regedit in the Start programs and files box, and
then press ENTER.
Locate and then right-click the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Point to New, and then click DWORD Value.
Type EnableLinkedConnections, and then press ENTER.
Right-click EnableLinkedConnections, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor, and then restart the computer.
I believe you are having trouble because casual drive mapping is per-user, and on a UAC system Administrators group users have two separate contexts (one for each token: SU & elevated).
There is such a thing as a system level drive mapping, which is one done under the System user (NT Authority\System). When you map a drive under this account, and map it persistently, all users can see and use the mapping (subject to the usual access rights for files there).
The normal way you do this is via Domain-level GPOs (Group Policy Objects), which means bribing your local box jockeys if in a corporate managed LAN environment.
One way to do this in a Workgroup machine is to map the letter as System via the AT command, from an elevated command prompt:
at 8:53 am "net use m: \\MediaShare\MyLibrary
ThePW /user:MediaShare\TheUser /persistent:yes > nul"
There the remote server is MediaShare, user TheUser, password ThePW, and 8:53 AM is a minute or two in the future to avoid accidentally scheduling this for tomorrow.
But this fails on Vista and later due to Session 0 Isolation!
So... use the 3rd alternative at Run CMD.exe as Local System Account which is the same thing mentioned by ForcePush's reply to How to map a network drive to be used by a service.
I believe that's what you are after here.
don't know if you ever figured this one out but for me it was the ChDir command (even with the registry fix above).
I had in my code
ChDir "P:\Temp\VidCap\Cam1\" 'I almost never use ChDir
Open "list.txt" For Output As #1
and all the VB6 inbuilt file commands looked straight though any operations, no errors, no nothing. I solved it by explicitly having the path, (in my code it was in a string but you could have it explicitly):
dd = "P:\Temp\VidCap\Cam1\"
Open dd & "list.txt" For Output As #1
works as expected.
hope this helps
H
Try this:
Open command prompt as administrator, and type this in:
net use Z: \\IP Address\share /user:you passwd /persistent:Yes
Change "IP Address", the "share" name, and your username and password as needed.
The author of this is howtogeek (source).
I had same problem. VB6 kept crashing when trying to access USB and mapped drives using the Commondialog method, even though the drives and files were all accessible OK via Explorer. Problem is the drives were not set as shared.
Solved by selecting the connected USB drive in explorer and then right click to
select Properties.
Select Sharing Tab
Select Advanced Sharing
Set the sharing and user rights as needed. May need to have local admin rights.
In matlab, I used a windows standalone application. There is a line in this application that writes a file in C:\...\...\. When I run the output exe file produced from this windows standalone application, the exe doesn't write in C:\...\...\ neither tells me that there is a security issues in that partition. All the execution does is nothing. But, when I right-click and run the exe as administrator, it runs correctly.
I want to do it without right-click and run as administrator. Are there is a command in matlab that can do that?
If you create a shortcut to your application, you can go to the Properties of the shortcut, click on Advanced in the Shortcut tab, and select "Run as administrator". That way, whenever you start the application from the shortcut it will be run as an administrator.
(Disclaimer: applications really shouldn't "foul their own nest" by writing into Program Files. This is bad design.)
Starting from Vista, unprivileged processes are not allowed to write to protected folders such as Program Files, because Program Files is designed to store code and not data. However, since this limitation has not been enforced in XP, MS has provided a backward-compatibility hack in the form of Virtual Store. Now, when a program tries to write to protected folder, its output is being redirected into a dedicated folder. This way, the program still "thinks" it writes to its usual location, while in fact it writes to an unprotected location. However, when you later check the Program Files location, you might not see the file - because it's not really there.
You can find more details here: User Account Control Data Redirection.
If you are administrator, add full control permission for your username to the destination folder. You do that by right clicking on the folder, going to properties and then security tab. Then edit and add you username with Full Control rights. Then you don;t have to run the the program as an administrator.
There is no way you can elevate a process once it is started, so Matlab cannot possibly have a command for that. Just running Matlab elevated.
I installed my application in Windows 7 and as part of the installation, it installs some text files. Now, if I open the text file in notepad and try to save it, I get an "Access denied" error. I'm logged in as administrator on the machine and the file is not marked read only and security permissions seem to be fine.
However, I could delete or rename the file without any problem and I could create a new file with the same name/location using notepad and the save works fine.
I understand it has something to do with UAC. I'm wondering what UAC does in order to block access to the file. Our application is not installed in Program files folder as I believe UAC restrict any changes to files in Program Files folder
Can anyone throw light on what is going on.
regards
G
With UAC, just because you're logged in as a user with administrator privileges does not mean a program actually runs with them. The program has to either request privilege elevation (which gives the "Do you want to allow this program to _____" UAC pop-up) or explicitly be run as administrator (right-click on the program/shortcut and choose Run as Administrator).
By default most areas of the drive outside of the standard "user files" (a.k.a. My Documents & co.) are restricted to administrator-only access, but the folder permissions can be changed to add access for a particular user if desired.
You will find that saving files almost anywhere except the "my documents" area for the user will be restricted, this includes saving to other drives on the system etc.
If you check the permissions for the directory you are trying to write to, all you have to do is expressely give the user permission. Otherwise only the admins have permission, which requires UAC approval from the user to get the admin token.
You normally get "Access Denied" error when the file is in use. UAC could not be an issue here. Check out if the file is in use by anyother process.
You can use tools like Process Explorer from sysinternals to do that.
You have to right click the file and select properties. THen open the security tab and you can see different accounts with differet privelages. Click USERS and it should highlight. The box under it should have a bunch of check marks that indicate what this user can do. Click Full Control. Apply and Okay. Then you can save!!!