Vista/7 permissions RRS feed

  • Question

  • Hi there, I have a question regarding permissions for files/folders in special locations such as "Program Files". Is it possibly to write to such a file without UAC dialog popup? UAC is turned on, a user is logged in as administrator, but the application is not run as administrator. I tried many samples of security functions, but they all do not help. For example, this one of taking object ownership http://msdn.microsoft.com/en-us/library/aa379620(VS.85).aspx fails in SetPrivilege function (AdjustTokenPrivileges fail with code ERROR_NOT_ALL_ASSIGNED). So should I always run an app as administrator to get full access or it is possible to programmatically change some permissions for that purpose (of course, I mean when I am logged in as admin)?
    • Edited by Lanamelach Wednesday, December 1, 2010 1:53 PM
    Tuesday, November 30, 2010 2:50 PM

All replies

  • If you need write access to Program Files in general, yes, manifest your application to run as administrator.

    If you don't, and it's a specific issue with a database file or something for your app, look at designing your application correctly so that it works for standard users. That may mean creating a directory under CSIDL_COMMON_APPDATA during your installation, with an ACL that is somewhat looser. Or it may mean making some things per-user.

    Tuesday, November 30, 2010 3:56 PM
  • Thanks. So now it is clear: any application that needs write acceess to program files must be run as admin.

    Today I noticed that on vista when I try to launch another process which is marked in manifest to require administrator rights from a calling process that doesn't require admin rights via CreateProcess function, it fails without asking any permissions. On windows 7 it works fine: when that process is launched the system pops up the window asking for permissions, but on vista it simpy fails. Is it a system bug or I do something wrong?

    Wednesday, December 1, 2010 1:47 PM
  • CreateProcess is failing with ERROR_ELEVATION_REQUIRED. Use ShellExecute.
    Thursday, December 2, 2010 1:31 AM