Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
File ownership for legacy installer programs
If I run as an administrative user a legacy installer program for a program
which stores user settings and data in its own directory, then the files and directories it creates are owned by and accessible to that user, and the program runs correctly as that user. But if I run the installer as a regular user, and then enter an admin user's password in the UAC dialog when the program needs to elevate its privileges, will the files and directories which it creates be owned by the regular user or the admin user? Will they by default at least be set as writeable by the regular user? I've read that Vista has a compatibility mode by which programs which try to write data to their own program directories while running as ordinary users will have that data transparently written instead to a union directory under the user's own home directory so that the program will work properly on Vista, but even when I enable compatibility mode in the program's settings, I can't get Palm's desktop software to work under a user account. Even more oddly, it won't work even if I run it with the "run as administrator" option in a regular user account. Are there any known problems with the union directory feature on Vista build 5536? |
|
|||
File ownership for legacy installer programs
Hello,
snip But if I run the installer as a regular user, and then enter an admin user's password in the UAC dialog when the program needs to elevate its privileges, will the files and directories which it creates be owned by the regular user or the admin user? They will be owned by the administrators group. Will they by default at least be set as writeable by the regular user? No. They will only inherit the permissions marked as inheritable from the parent folder. For most folders, this is Normal users read-only, administrative users full control. The only folder normal users have write access to is their user profile directory. You will need to manually edit security to allow a user write-access to a folder outside of their user profile directory. I've read that Vista has a compatibility mode by which programs which try to write data to their own program directories while running as ordinary users will have that data transparently written instead to a union directory under the user's own home directory so that the program will work properly on Vista, but even when I enable compatibility mode in the program's settings, I can't get Palm's desktop software to work under a user account. Even more oddly, it won't work even if I run it with the "run as administrator" option in a regular user account. Are there any known problems with the union directory feature on Vista build 5536? The "Virtualization" compatability mode is enabled for 32-bit programs that were not designed for Windows Vista and are not running as administrator. This mode will silently redirect programs that save things to HKEY_LOCAL_MACHINE and certain folder locations such as program files to the user's profile directory. Due to the way virtualization is designed, it can cause problems in certain situations. For example, a program that relies on a certain file being writable from different user accounts will behave unexpectedly, since each user will have their own copy of that file and will not see changes made from other user accounts. Virtualization also causes problems if you are dual-booting and wanting to share config files for certain applications between Vista and the other operating system. Based on what you described with Palm's desktop software, I do not believe virtualization is the culprit, as running the program "as administrator" disables virtualization, and this would have allowed the program to work. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |