Windows Vista: Programmatically remap user directories

I re-image one of my machines regularly; and have a script that I run after the OS install completes to configure my machine; such that it works how I like.
I happen to have my data on another drive...and I'd like to add code to my script to change the location of the Documents directory from "C:\Users\bryansh\Documents" to "D:\Users\bryansh\Documents".
Does anybody have any insight, before I fire up regmon and really roll up my sleeves?

I use reparse points http://www.hanselman.com/blog/MoreOnVistaReparsePoints.aspx to redirect My Documents.

SHSetFolderPath Function should help, since this article mentions its use for folder redirection by the Group Policy API.

Related

Change Windows settings via script

I wanted to set up a computer with a variety of settings, which I basically have to do over and over and over again every time a new user joins our company or changes the computer, and I wanted to know if there is a possible way to configure those with a script, like I already did with an information collector script (batch file), which now works perfectly fine thanks to this website.
So since I know that there are some really awesome IT guys here with way more experience than me, I would love to do something automatic as the next step to save loads of time by simply running a script to configure things like setting up the screensaver, InternetOptions, removing Apps/Softwarelinks in the Start Menu or perhaps even adding links to the bookmark list in Firefox or Chrome so the user can just start to work and I have loads of time for other important things.
For now it would already be a help to set up a script for Windows 7, but I think we will move more and more to Windows 10, so would it be possible to write something to use on both systems without any big changes?
... configure things like setting up the screensaver, InternetOptions,
removing Apps/Softwarelinks in the Start Menu or perhaps even adding
links to the bookmark list in firefox or chrome so the user can just
start to work and I got loads of time for other important things.
Everything you ask about can be configured in a centralized fashion via Active Directory Group Policy. Check the Group Policy Survival Guide page to get started designing the policy for your organization and users.
Group Policy can be defined using PowerShell and via Group Policy Management Console which is GUI-based.
Note that the above will only work if you are in an Active Directory domain. If you are not, you can still use Local Group Policy, but you will have to run a script on every user's computer. I am not sure whether there are native PowerShell cmdlets to manage Local Group Policy, but AFAIK you can do that via the Windows Registry or using special tools.

How to prevent file redirection to VirtualStore for read/write files?

I am using C# with .net 2.0
I am saving my program data in a file under: C:\ProgramData\MyProgramName\fileName.xml
After installing and running my application one time I uninstalled it (during uninstallation I'm removing all the files from "program data") and then I reinstall the application, and ran it.
The strange thing is that my application started as if the files in program data existed - means, I had old data in my app even though the data file was deleted.
When running:
File.Exists(@"C:\ProgramData\MyProgramName\fileName.xml")
I got "true" even though I knew for sure that the file does not exist.
The thing became stranger when I ran the application as admin and then the file didn't exist.
After some research, I found out that when running my application with no admin privileges instead of getting:
C:\ProgramData\MyProgramName\fileName.xml
I get
C:\Users\userName\AppData\Local\VirtualStore\ProgramData\MyProgramName\fileName.xml
and indeed there was a file that existed from the previous installation (that I obviously didn't delete, because I didn't know it existed).
So please guide me on how I can stop this when the app is running with no admin rights.
I do not want to create any file automatically in the VirtualStore folder. Please discuss all the possible ways to stop this.
First, ask yourself, does this need to be globally saved for all users?
If it doesn't have to be, save the file in Application Data instead, you can get the path with Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), it should always reliably expand to C:\Users\Username\AppData\Roaming\. Do note that this path is unique for each user though.
If you have to, you're out of luck. There is no reliable way to store application data for all users without admin rights (or UAC) on any Windows post-XP that's not extremely hacky, like storing your data in the Public user (which may or may not be possible, I can't check right now).
An approach to solving this is to use the Environment.SpecialFolder.CommonApplicationData location, but with some very important caveats & setup.
CommonApplicationData is
The directory that serves as a common repository for
application-specific data that is used by all users.
This location is described further here and here.
Important requirements and restrictions are given in another SO answer: https://stackoverflow.com/a/22107884/3195477
which said in part:
The recommended solution is for your installer to create a sub
directory of C:\ProgramData for your shared storage. And that sub
directory must be given a permissive ACL by the installation program.
That is what grants the desired access to all standard users.
Otherwise the program running with standard user permission will still not be all equally able to read/write files in that location for all users.
I found a workaround for this issue when transferring a very old Win32 app to Windows 7 & 10. The program wrote to a database on C:\Program Files... but the OS auto changed the path to the virtual store. However, the database was required globally. By changing compatibility mode to Windows 95 or XP SP2 and always running as administrator, the database was worked on directly in C:\Program Files\etc.
There are security implications for this and the box was removed from all networks and adapters disabled etc.
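For the VirtualStore behaviour described in the question above, a small diagnostic, added here as an example and not taken from any of the posts: it reports whether UAC virtualization is active for the current process and whether a per-user copy of a file exists. The class and method names are illustrative; the default path is the one from the question.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class VirtualStoreCheck
{
    // TOKEN_INFORMATION_CLASS value of TokenVirtualizationEnabled (winnt.h).
    const int TokenVirtualizationEnabled = 24;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out uint info, uint infoLength, out uint returnLength);

    // True when UAC file/registry virtualization is active for this process.
    public static bool IsVirtualizationEnabled()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            uint enabled, length;
            if (!GetTokenInformation(id.Token, TokenVirtualizationEnabled,
                                     out enabled, sizeof(uint), out length))
                throw new System.ComponentModel.Win32Exception();
            return enabled != 0;
        }
    }

    // Maps C:\ProgramData\X\f.xml to %LOCALAPPDATA%\VirtualStore\ProgramData\X\f.xml.
    public static string ShadowPath(string path)
    {
        string full = Path.GetFullPath(path);
        string relative = full.Substring(Path.GetPathRoot(full).Length);
        string local = Environment.GetFolderPath(
            Environment.SpecialFolder.LocalApplicationData);
        return Path.Combine(Path.Combine(local, "VirtualStore"), relative);
    }

    static void Main(string[] args)
    {
        string target = args.Length > 0 ? args[0]
            : @"C:\ProgramData\MyProgramName\fileName.xml"; // path from the question
        string shadow = ShadowPath(target);
        Console.WriteLine("Virtualization enabled: {0}", IsVirtualizationEnabled());
        Console.WriteLine("Per-user copy {0}: {1}",
            File.Exists(shadow) ? "present" : "absent", shadow);
    }
}
```

A process whose application manifest declares a requestedExecutionLevel is not virtualized and reports false here; its writes to a protected folder then fail with access denied instead of being silently redirected.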

How to create user with access only to one given folder?

I need to make a "sandbox" to run scripts and applications (PHP, Perl, exe files, Ruby, and so on). But the interpreters need to be accessible to run, and only one folder can be accessible to be changed. Also it would be great to allow applications to be launched with quotas on the hard drive. What do I need to use in this case?
I need solution in C#
You could just set up Windows security to allow this: select the folder you wish the user to have access to and set permissions on it (right click, properties, security). The problem with this approach is that you need to find all other folders and revoke access to them if you don't want the user using them (i.e. EVERYONE and USERS access).
Alternatively, have a peek at the WinJail package, which does as you require (a CHROOT/JAIL implementation for Windows).
You might need to create some sort of virtual drive.
Look at this
creating virtual hard Drive
and a csharp library to play with virtual drives
http://dokan-dev.net/en/
Hope this helps
You can set a filesystem filter on all file operations and control them this way, but such a wide filter will slow down operations significantly, especially if checks are done in user mode (via callbacks). You can test our CallbackFilter product, which lets you do the above in C#, but be ready for slowness.

In Windows is any folder alternative to ProgramData?

I'm writing a desktop app and need a folder which...
Exists in Windows 7 and Vista
Is common to all users (for store config data).
Application can save data on it, without Admin privileges (not like "ProgramData").
is standard (I don't want to create another app specific folder in "C:", the Desktop or other place alike.)
"Program Files" is not an option, of course.
Can you suggest an appropriate folder, or better use the Registry?
The recommended way to do this is to create a folder at install time, dedicated to your application, underneath "ProgramData" (i.e. CSIDL_COMMON_APPDATA/FOLDERID_ProgramData).
As you already know, the CSIDL_COMMON_APPDATA folder is read only for standard users. So your install program needs to give the folder that it creates an ACL that permits the access that you require.
This is the solution that meets all the criteria laid out in your bullet points.
You mention the registry. There is no area of the registry that is shared between all users and yet writeable by standard users. Whilst you can use ACLs to grant more permissive access rights to the registry, it is really not the done thing. Please forget that I even mentioned this possibility!
If your app is .NET then use CommonApplicationData - you can get the real location by calling GetFolderPath.
EDIT - as per comments:
You need to setup ACL correctly - for sample source code on how to do this see http://www.codeproject.com/Tips/61987/Allow-write-modify-access-to-CommonApplicationData
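The installer step recommended in the answers above (a dedicated subfolder of ProgramData with an ACL that lets standard users write), as an added example that is not code from any of the posts or from the linked article. The class name and the folder name "MyProgramName" are assumptions; it must run elevated.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SharedDataFolder
{
    // BUILTIN\Users by well-known SID, so the rule also applies on localized Windows.
    static readonly SecurityIdentifier Users =
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

    // Run once from the elevated installer; standard users cannot create this folder.
    public static string Create(string appName)
    {
        string root = Environment.GetFolderPath(
            Environment.SpecialFolder.CommonApplicationData);
        DirectoryInfo dir = Directory.CreateDirectory(Path.Combine(root, appName));

        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            Users,
            FileSystemRights.Modify, // read, write, delete; no ACL or owner changes
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dir.SetAccessControl(acl);
        return dir.FullName;
    }

    // Simple check for an allow rule granting Users Modify (deny rules are not evaluated).
    public static bool UsersCanModify(string path)
    {
        AuthorizationRuleCollection rules = new DirectoryInfo(path)
            .GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
        {
            if (rule.IdentityReference.Equals(Users)
                && rule.AccessControlType == AccessControlType.Allow
                && (rule.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify)
                return true;
        }
        return false;
    }
    static void Main()
    {
        string path = Create("MyProgramName"); // assumed folder name
        Console.WriteLine("{0} Users-modify: {1}", path, UsersCanModify(path));
    }
}
```

Because every standard user can change files in this folder, the application should treat what it reads from it as untrusted input and keep executables, DLLs and scripts out of it.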
What about Public User directories? For Example: C:\Users\Public\Libraries or C:\Users\Public\Documents
I've noticed these folders on several of my Windows 7 machines. I'm not sure if they are always there, but they might be an option. I was hoping for something like an %appdata% for the Public User, but the closest thing I found was Public\Libraries.
(As a side note, it appears C:\Users\Public\Desktop does require admin to write to.)
What about using %APPDATA%/Company/Product for the directory?

No access to Program Files in Windows 7

I'm totally new to Windows 7 and have just installed Apache server. I want to change the httpd file... But when opening the file with Notepad and saving it, I get a message that I have no rights... My user is a member of the Administrators group. What else can I do?
Thanks
P.S. Could you suggest any nice tutorials on dealing with user administration and admin accounts?
You need to take ownership of the folder, which requires a registry hack. (You can search for takeown registry)
My advice is to install your Apache server outside of "Program Files". You should not have files requiring regular modifications in Program Files.
Maybe try a different editor, say NotePad++. Run in Administrator. Also make sure that Apache is not running and any related tasks are shut down. Try it in Safe Mode if you get desperate.
