Guest Happs Posted July 4, 2008 Posted July 4, 2008 Dear, Forgive me, if I have posted in wrong forum. Please point me to the correct forum for my enquiry below. As we are updating our program and installer to support Vista, we need to programmatically modify the windows folder's Users rights. For example: - We created a folder under "C:\ProgramData\Test\" and store some files which our program need to update when it runs. - Works fine in Administrator mode. - In Standard user mode it does not work as the folder does not have the full rights. If we go to administrator account, select the above folder, right click to select Properties, Security tab, select Users and apply 'Full control' then works fine in standard user. Can we set the Users full controls programmatically? Is there any other approach? Thanks in advance. Regards, MA -- Happs Quote
Guest Happs Posted July 5, 2008 Posted July 5, 2008 Dear, I am trying to give full rights to a folder in Vista so my program can modify the files in the folder in Admin/Standard user mode. The folder I am creating is under "C:\ProgramData" folder. The code below execute without any error but the "Users" account don't get the full rights. Thanks in advance for looking at my post and your expert advice. ============================================================== using System.IO; using System.Security.Principal; using System.Security.AccessControl; static void Main(string[] args) { string folderPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Test_folder"); if (!Directory.Exists(folderPath)) Directory.CreateDirectory(folderPath); UpdateAccountRightrs(folderPath); Console.ReadLine(); } /// <summary> /// Iterate each account and update rights /// </summary> /// <param name="folderPath"></param> private static void UpdateAccountRightrs(string folderPath) { Console.WriteLine("-> UpdateAccountRightrs() folderPath: " + folderPath); FileSecurity security = File.GetAccessControl(folderPath); AuthorizationRuleCollection acl = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (FileSystemAccessRule ace in acl) { string accountName = ace.IdentityReference.Value; Console.WriteLine("-> UpdateAccountRightrs() Account: " + accountName); Console.WriteLine("-> UpdateAccountRightrs() Rights: " + ace.FileSystemRights); Console.WriteLine("-> UpdateAccountRightrs() Account: " + accountName); if (ace.FileSystemRights != FileSystemRights.FullControl) ProvideFullRights(folderPath, accountName); } Console.WriteLine("<- UpdateAccountRightrs()"); } /// <summary> /// Provide the full rights to the account /// </summary> /// <param name="filePath"></param> /// <param name="accountName"></param> private static void ProvideFullRights(string folderPath, string accountName) { Console.WriteLine("-> ProvideFullRights() accountName: " + accountName); if ((folderPath.Length == 0) || (accountName.Length == 0)) return; FileSecurity fs = File.GetAccessControl(folderPath); fs.AddAccessRule(new FileSystemAccessRule(accountName, FileSystemRights.FullControl, AccessControlType.Allow)); File.SetAccessControl(folderPath, fs); Console.WriteLine("<- ProvideFullRights()"); } ====================================================== Regards, MA -- Happs Quote
Guest Charlie Tame Posted July 5, 2008 Posted July 5, 2008 Happs wrote:<span style="color:blue"> > Dear, > > I am trying to give full rights to a folder in Vista so my program can > modify the files in the folder in Admin/Standard user mode. > > The folder I am creating is under "C:ProgramData" folder. The code > below execute without any error but the "Users" account don't get the > full rights. > > Thanks in advance for looking at my post and your expert advice. > > ============================================================== > using System.IO; > using System.Security.Principal; > using System.Security.AccessControl; > > > static void Main(string[] args) > { > string folderPath = > Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), > "Test_folder"); > > if (!Directory.Exists(folderPath)) > Directory.CreateDirectory(folderPath); > > UpdateAccountRightrs(folderPath); > > Console.ReadLine(); > } > > > > /// <summary> > /// Iterate each account and update rights > /// </summary> > /// <param name="folderPath"></param> > private static void UpdateAccountRightrs(string folderPath) > { > Console.WriteLine("-> UpdateAccountRightrs() folderPath: " > + folderPath); > > FileSecurity security = File.GetAccessControl(folderPath); > AuthorizationRuleCollection acl = > security.GetAccessRules(true, true, > typeof(System.Security.Principal.NTAccount)); > > foreach (FileSystemAccessRule ace in acl) > { > string accountName = ace.IdentityReference.Value; > Console.WriteLine("-> UpdateAccountRightrs() Account: > " + accountName); > Console.WriteLine("-> UpdateAccountRightrs() Rights: " > + ace.FileSystemRights); > Console.WriteLine("-> UpdateAccountRightrs() Account: > " + accountName); > > if (ace.FileSystemRights != > FileSystemRights.FullControl) > ProvideFullRights(folderPath, accountName); > } > > Console.WriteLine("<- UpdateAccountRightrs()"); > } > > > > > /// <summary> > /// Provide the full rights to the account > /// </summary> > /// <param name="filePath"></param> > /// <param name="accountName"></param> > private static void ProvideFullRights(string folderPath, > string accountName) > { > Console.WriteLine("-> ProvideFullRights() accountName: " + > accountName); > > if ((folderPath.Length == 0) || (accountName.Length == 0)) > return; > > FileSecurity fs = File.GetAccessControl(folderPath); > fs.AddAccessRule(new FileSystemAccessRule(accountName, > FileSystemRights.FullControl, > AccessControlType.Allow)); > File.SetAccessControl(folderPath, fs); > > Console.WriteLine("<- ProvideFullRights()"); > } > ====================================================== > > Regards, > MA > > </span> Have you tried the Visual Studio group in case someone has already figured this out? You could post the same question again to both groups (thus seeing all answers in both places) or if you post separately you might let the folks in both groups know if you got an answer. I can't help personally but have a feeling that the system is designed to not allow you to do what you wish to do. Quote
Guest Kerry Brown Posted July 5, 2008 Posted July 5, 2008 "Happs" <guest@unknown-email.com> wrote in message news:21bc9e7ad0b193382685688b109f45d3@nntp-gateway.com...<span style="color:blue"> > > Dear, > > Forgive me, if I have posted in wrong forum. Please point me to the > correct forum for my enquiry below. > > As we are updating our program and installer to support Vista, we need > to programmatically modify the windows folder's Users rights. For > example: > > - We created a folder under "C:ProgramDataTest" and store some files > which our program need to update when it runs. > - Works fine in Administrator mode. > - In Standard user mode it does not work as the folder does not have > the full rights. > > If we go to administrator account, select the above folder, right click > to select Properties, Security tab, select Users and apply 'Full > control' then works fine in standard user. > > Can we set the Users full controls programmatically? Is there any other > approach? ></span> You need to set the ACLs during the install. The install needs to run with Administrator privileges. Don't give Users Full Control. Figure out exactly what is needed and give them the needed permissions. At most they need Modify. This is the way secure OS' are supposed to work. Users can change user settings. Administrators can change system settings. http://msdn.microsoft.com/en-ca/windowsvista/default.aspx -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ Quote
Guest Pete Delgado Posted July 10, 2008 Posted July 10, 2008 "Happs" <guest@unknown-email.com> wrote in message news:21bc9e7ad0b193382685688b109f45d3@nntp-gateway.com...<span style="color:blue"> > > Dear, > > Forgive me, if I have posted in wrong forum. Please point me to the > correct forum for my enquiry below. > > As we are updating our program and installer to support Vista, we need > to programmatically modify the windows folder's Users rights. For > example: > > - We created a folder under "C:ProgramDataTest" and store some files > which our program need to update when it runs. > - Works fine in Administrator mode. > - In Standard user mode it does not work as the folder does not have > the full rights. > > If we go to administrator account, select the above folder, right click > to select Properties, Security tab, select Users and apply 'Full > control' then works fine in standard user. > > Can we set the Users full controls programmatically? Is there any other > approach? > > Thanks in advance.</span> There are a variety of ways to accomplish what you want to do. I prefer to use the ATL security classes as they seem to provide the easiet interface to use for C++ programmers to adjust ACLs. You may wish to take a step back though and examine whether you application truly needs to set ACLs. If the data is user-based rather than program-wide data that should be shared by all users, you will need to rethink your strategy and start storing data in the recommended locations. -Pete Quote
Guest Happs Posted July 10, 2008 Posted July 10, 2008 Thank you all for your response. Regards, MA -- Happs Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.