locked
Protected Directories (Questions) RRS feed

  • Question

  •   Hello.

      It seems that some directories in the computer are protected from our apps and I want to know more about it. Here are some questions:

    1. What directories are protected? Is "C:\" protected? "C:\somefolder\"? "C:\Users\%USERNAME%\Desktop\"?
    2. What the application can not do on these directories? Do it can Start Process from them? Copy files from them? Copy files to them? Change files (maybe changing text on a file)?
    3. If the app is running as Administrator, do it can access these protected directories without any problems? Can I make the app ask the user for Administrator permissions whenever the app needs it? Will that permission remain until the app is closed or for a specified time?

      Thanks for answers!


    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------

    Friday, August 12, 2016 5:49 PM

Answers

  • This is a function of UAC (User Account Control) which was implemented starting with Windows Vista, where most folders, other than the user's Documents folder, are protected against write operations for standard Windows users. An explanation of UAC is outside the scope of this forum, but you can read more below:

    https://technet.microsoft.com/en-us/library/cc709628(v=ws.10).aspx

    In most instances you can work around UAC by running an app elevated (as Administrator).


    Paul ~~~~ Microsoft MVP (Visual Basic)


    • Edited by Paul P Clement IV Friday, August 12, 2016 8:04 PM
    • Proposed as answer by Frank L. Smith Friday, August 12, 2016 8:08 PM
    • Marked as answer by Benur21 Saturday, August 13, 2016 3:16 PM
    Friday, August 12, 2016 8:03 PM
  •  Just to add to what Paul said,  you can use the RunAs Verb when using the Process class to run a Process with elevated privileges.  The user will be prompted to allow that program to be run with elevated privileges though.  There is no way around that without telling the user to turn off the UAC which most people will not do because of security risks.  8)

    If you say it can`t be done then i`ll try it

    • Proposed as answer by Frank L. Smith Friday, August 12, 2016 8:18 PM
    • Marked as answer by Benur21 Saturday, August 13, 2016 3:16 PM
    Friday, August 12, 2016 8:16 PM
  •   Well, I found something here (https://social.msdn.microsoft.com/Forums/en-US/102c19af-6dbd-4892-9283-7daf60b79199/an-exception-occurred-during-a-webclient-request?forum=vblanguage) that talks about some folders that which the app don't need Admin Rights to access. It seems that it can access the SpecialFolders (all of them?) including Desktop, MyDocuments, the Local and Temp folders. Then are all their subfolders unprotected too? Anyway I will use the Local Folder, like Microsoft does with the Applicaton Settings.


    Thanks A LOT!!!____________Benur21 Signature____________

    • Marked as answer by Benur21 Monday, August 22, 2016 7:53 PM
    Monday, August 22, 2016 7:53 PM

All replies

  •   Hello.

      It seems that some directories in the computer are protected from our apps and I want to know more about it. Here are some questions:

    1. What directories are protected? Is "C:\" protected? "C:\somefolder\"? "C:\Users\%USERNAME%\Desktop\"?
    2. What the application can not do on these directories? Do it can Start Process from them? Copy files from them? Copy files to them? Change files (maybe changing text on a file)?
    3. If the app is running as Administrator, do it can access these protected directories without any problems? Can I make the app ask the user for Administrator permissions whenever the app needs it? Will that permission remain until the app is closed or for a specified time?

      Thanks for answers!


    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------


    That's bound to be highly influenced by the OS itself. I don't see how this can be answered, honestly.

    Some people succeed because they were destined to, but most people succeed because they were determined to.

    • Proposed as answer by tommytwotrain Friday, August 12, 2016 6:22 PM
    Friday, August 12, 2016 6:13 PM
  •   Hello.

      It seems that some directories in the computer are protected from our apps and I want to know more about it. Here are some questions:

    1. What directories are protected? Is "C:\" protected? "C:\somefolder\"? "C:\Users\%USERNAME%\Desktop\"?
    2. What the application can not do on these directories? Do it can Start Process from them? Copy files from them? Copy files to them? Change files (maybe changing text on a file)?
    3. If the app is running as Administrator, do it can access these protected directories without any problems? Can I make the app ask the user for Administrator permissions whenever the app needs it? Will that permission remain until the app is closed or for a specified time?

      Thanks for answers!


    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------


    That's bound to be highly influenced by the OS itself. I don't see how this can be answered, honestly.

    Some people succeed because they were destined to, but most people succeed because they were determined to.

      I am having an error from an application running in a folder on C:\ when System.Diagnostics.Process.Start'ing another file on Desktop... it says access denied. I want to know why!

    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------

    Friday, August 12, 2016 6:20 PM
  •   Hello.

      It seems that some directories in the computer are protected from our apps and I want to know more about it. Here are some questions:

    1. What directories are protected? Is "C:\" protected? "C:\somefolder\"? "C:\Users\%USERNAME%\Desktop\"?
    2. What the application can not do on these directories? Do it can Start Process from them? Copy files from them? Copy files to them? Change files (maybe changing text on a file)?
    3. If the app is running as Administrator, do it can access these protected directories without any problems? Can I make the app ask the user for Administrator permissions whenever the app needs it? Will that permission remain until the app is closed or for a specified time?

      Thanks for answers!


    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------


    That's bound to be highly influenced by the OS itself. I don't see how this can be answered, honestly.

    Some people succeed because they were destined to, but most people succeed because they were determined to.

      I am having an error from an application running in a folder on C:\ when System.Diagnostics.Process.Start'ing another file on Desktop... it says access denied. I want to know why!

    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------

    We are not your slaves you know.
    • Proposed as answer by Frank L. Smith Friday, August 12, 2016 6:28 PM
    Friday, August 12, 2016 6:21 PM
  • Benur,

    Tommy knows more about this part than I do. He'll know what to suggest.

    You can create directories that are "always safe" - I think that's a better approach, honestly.


    Some people succeed because they were destined to, but most people succeed because they were determined to.

    Friday, August 12, 2016 6:30 PM
  • This is a function of UAC (User Account Control) which was implemented starting with Windows Vista, where most folders, other than the user's Documents folder, are protected against write operations for standard Windows users. An explanation of UAC is outside the scope of this forum, but you can read more below:

    https://technet.microsoft.com/en-us/library/cc709628(v=ws.10).aspx

    In most instances you can work around UAC by running an app elevated (as Administrator).


    Paul ~~~~ Microsoft MVP (Visual Basic)


    • Edited by Paul P Clement IV Friday, August 12, 2016 8:04 PM
    • Proposed as answer by Frank L. Smith Friday, August 12, 2016 8:08 PM
    • Marked as answer by Benur21 Saturday, August 13, 2016 3:16 PM
    Friday, August 12, 2016 8:03 PM
  •  Just to add to what Paul said,  you can use the RunAs Verb when using the Process class to run a Process with elevated privileges.  The user will be prompted to allow that program to be run with elevated privileges though.  There is no way around that without telling the user to turn off the UAC which most people will not do because of security risks.  8)

    If you say it can`t be done then i`ll try it

    • Proposed as answer by Frank L. Smith Friday, August 12, 2016 8:18 PM
    • Marked as answer by Benur21 Saturday, August 13, 2016 3:16 PM
    Friday, August 12, 2016 8:16 PM
  •  I am having an error from an application running in a folder on C:\ when System.Diagnostics.Process.Start'ing another file on Desktop... it says access denied. I want to know why!

    Much more information is needed, what are you starting, what does it do, what folder is it in.

    As far as what permissions are set on each folder, it is quite complex. Permissions can be "Inherited" from the Main folder to the subfolder or not. there are 20+ types of permissions that can be DENY type or ALLOW type

    Overview:

    Start with a DirectoryInfo object
    create a DirectorySecurity object from the DirectoryInfo with GetAccessControl()
    Create an AuthorizationRuleCollection from the DirectorySecurity using GetAccessRules(True, True, Type.GetType("System.Security.Principal.NTAccount"))
    iterate through each Security.AccessControl.AccessRule in the collection
    get each FileSystemAccessRule and examine the Properties

    More Info Here

    Saturday, August 13, 2016 12:06 AM

  • Much more information is needed, what are you starting, what does it do, what folder is it in.

      My code:

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click If My.Computer.Network.IsAvailable Then DownloadFile("https://www.dropbox.com/s/x69eyd39o096pse/UpdaterTest.txt?dl=1", CombinePath(DataDirectory, "UpdaterTest.txt")) Dim UpdateTextLines() As String = System.IO.File.ReadAllLines(CombinePath(DataDirectory, "UpdaterTest.txt")) If UpdateTextLines(1) = Application.ProductVersion Then My.Computer.FileSystem.DeleteFile(CombinePath(DataDirectory, "UpdaterTest.txt")) MessageBox.Show("Your application is already updated. No newer updates are avaiable.", "No updates avaiable") Else DownloadFile(UpdateTextLines(0), CombinePath(DataDirectory, "UpdaterTest.exe")) My.Computer.FileSystem.WriteAllText(CombinePath(DataDirectory, "updating.txt"), Application.ExecutablePath, False) System.Diagnostics.Process.Start(CombinePath(DataDirectory, "UpdaterTest.exe")) Application.Exit() End If End If End Sub

        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            If Application.ExecutablePath() = CombinePath(DataDirectory, "UpdaterTest.EXE") Then
                Dim OriginalExecutablePath As String = System.IO.File.ReadAllText(CombinePath(DataDirectory, "updating.txt"))
                My.Computer.FileSystem.CopyFile(Application.ExecutablePath, OriginalExecutablePath, True)
                My.Computer.FileSystem.DeleteFile(CombinePath(DataDirectory, "updating.txt"))
                My.Computer.FileSystem.WriteAllText(CombinePath(DataDirectory, "UPDATED.txt"), "", False)
                System.Diagnostics.Process.Start(OriginalExecutablePath)
                Application.Exit()
            ElseIf My.Computer.FileSystem.FileExists(CombinePath(DataDirectory, "UPDATED.txt")) Then
                My.Computer.FileSystem.DeleteFile(CombinePath(DataDirectory, "UpdaterTest.exe"))
                My.Computer.FileSystem.DeleteFile(CombinePath(DataDirectory, "UPDATED.txt"))
                My.Computer.FileSystem.DeleteFile(CombinePath(DataDirectory, "UpdaterTest.txt"))
                MessageBox.Show("Your application have been updated sucessfully!", "Updated!")
            End If
        End Sub
    
        Sub DownloadFile(ByVal FromURL As String, ByVal ToPathIncludingFileNameAndExtension As String)
            Using Client As New System.Net.WebClient()
                Client.DownloadFile(FromURL, ToPathIncludingFileNameAndExtension)
            End Using
        End Sub

      Now: DataDirectory is "C:\UpdaterTest\" and I am making an AutoUpdater. First it downloads the UpdaterTest.txt from my dropbox and check on it if there's a new update. If yes then it downloads the new executable to "C:\UpdaterTest\", runs it and closes itself (working without problems until here). Then the second executable sees that its directory is "C:\UpdaterTest\" and because that it copies itself to where the old executable is actually, overwriting, and trying to run it it calls an exception saying that the operation needs elevation (or something like that, the error shows in portuguese for me). Everything is working well as after that the app is already updated (the second executable updated it) and opening it manually it says Updated Sucessfully and it is really updated.

      The problem is the exception complicating the thing... I should ask the user to run the second executable as Administrator and it would be able to run the updated exe. I don't if it is because the path of the second executable, or the first, or whatever... So I asked.

      Now I need to know how to ask the user to run it as admin and if he declines then it shows a message telling the user to reopen the app.

      Thank you!

    PS: The first executable (the old that have been updated) was on my Desktop when I tried it.


    Thanks A LOT!!! ---------END-BENUR21-SIGNATURE----------



    • Edited by Benur21 Saturday, August 13, 2016 3:24 PM
    Saturday, August 13, 2016 3:16 PM
  •   Well, I found something here (https://social.msdn.microsoft.com/Forums/en-US/102c19af-6dbd-4892-9283-7daf60b79199/an-exception-occurred-during-a-webclient-request?forum=vblanguage) that talks about some folders that which the app don't need Admin Rights to access. It seems that it can access the SpecialFolders (all of them?) including Desktop, MyDocuments, the Local and Temp folders. Then are all their subfolders unprotected too? Anyway I will use the Local Folder, like Microsoft does with the Applicaton Settings.


    Thanks A LOT!!!____________Benur21 Signature____________

    • Marked as answer by Benur21 Monday, August 22, 2016 7:53 PM
    Monday, August 22, 2016 7:53 PM
  •   Well, I found something here (https://social.msdn.microsoft.com/Forums/en-US/102c19af-6dbd-4892-9283-7daf60b79199/an-exception-occurred-during-a-webclient-request?forum=vblanguage) that talks about some folders that which the app don't need Admin Rights to access. It seems that it can access the SpecialFolders (all of them?) including Desktop, MyDocuments, the Local and Temp folders. Then are all their subfolders unprotected too? Anyway I will use the Local Folder, like Microsoft does with the Applicaton Settings.


    Thanks A LOT!!!____________Benur21 Signature____________


    You should just use the applicationdata special folder for your application. This is where my settings will put its file. You should use a company name and application name sub folders.

    You have read/write permisssion in the folder that is returned by the getfolderpath

    For user data you would use the my documents.

    That is really the only folders you need other than the program folder which is normally created by your setup program which gets permission from the user to install and write in that folder. That is the big screen that comes up in an installation and asks if you are sure you want to install.

    Here is what I use with my company name and program name and etc.

            Dim datadir As String =
                System.Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) &
                "\Sandia_Software\Cadrail\Update"


    PS

    https://msdn.microsoft.com/en-us/library/s2esdf4x(v=vs.100).aspx


    You don't have permission to write in the programs folder. You can only use this folder to read files you distribute. This is where your .exe and default program files are located. Again this is done by your setup program by getting user permission.
    Monday, August 22, 2016 8:29 PM
  •   Well, I found something here (https://social.msdn.microsoft.com/Forums/en-US/102c19af-6dbd-4892-9283-7daf60b79199/an-exception-occurred-during-a-webclient-request?forum=vblanguage) that talks about some folders that which the app don't need Admin Rights to access. It seems that it can access the SpecialFolders (all of them?) including Desktop, MyDocuments, the Local and Temp folders. Then are all their subfolders unprotected too? Anyway I will use the Local Folder, like Microsoft does with the Applicaton Settings.


    Thanks A LOT!!!____________Benur21 Signature____________


    You should just use the applicationdata special folder for your application. This is where my settings will put its file. You should use a company name and application name sub folders.

    You have read/write permisssion in the folder that is returned by the getfolderpath

    For user data you would use the my documents.

    That is really the only folders you need other than the program folder which is normally created by your setup program which gets permission from the user to install and write in that folder. That is the big screen that comes up in an installation and asks if you are sure you want to install.

    Here is what I use with my company name and program name and etc.

            Dim datadir As String =
                System.Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) &
                "\Sandia_Software\Cadrail\Update"


    PS

    https://msdn.microsoft.com/en-us/library/s2esdf4x(v=vs.100).aspx


    You don't have permission to write in the programs folder. You can only use this folder to read files you distribute. This is where your .exe and default program files are located. Again this is done by your setup program by getting user permission.

      I am going to use the Local folder, that is a subfolder of the AppData folder.

      I have not a company name [yet] and for now I will just create folders with the application name where the data/update files will go to.

      I don't want it to use a Setup to install my programs. Instead, I want to only have an executable that I can distribute and the user can put it anywhere he wants, like the Desktop or some folder on it. Then it will save the data to the Predefined (by me) folder and if going to Update it will put the temporary update files on that folder, and they will be able to run the executable, showing the App Updated message and delete the temporary files. My applications will have an option to delete the data folder and so if the user wants to get rid of my app he can just use that option and then delete the executable and then there will be no traces that my app have ever been there :)

      Thank you for your opinion about what folder should be used :D



    Thanks A LOT!!!____________Benur21 Signature____________

    Monday, August 22, 2016 8:55 PM