If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
File/folder security in Windows 8: a strange problem
Hia folks
My company has been testing Windows 8 at work. We're still running XP, but we want to slowly upgrade everyone . Since there's no point in going over 2 upgrades (XP - 7 - 8) we decided to "bite the bullet" and go W8 all the way. But the weird has been cropping up... Our latest is this: I'm setting up a PC for a user, call him USERBOB. I used my own user, ADMINJOE, to fully install and configure it. I also installed a sofware we use inhouse. And here is where things go weird... At the end of installing everything with DOMAIN\ADMINJOE, I rebooted and logged into the PC with DOMAIN\USERBOB; I then altered 2 config files of our software, but, when tried to save them, I got the message "acess denied"!! And I can't figure out why! These are the current permissions DOMAIN\ADMINJOE is both network and local admin; installed all the software in the PC DOMAIN\USERBOB is a normal network user and local admin; Both the software folder AND the config files have the correct security settings: full access to local admins. I've also tried turning USERBOB into a network admin (to make it equal to mine), but no luck. When I try to copy+paste, or delete, a file in that folder, I get a message "you must supply administrator permission" before I can do it... which is odd, since the user IS a local admin... Any ideas on what may cause this? ---//--- "I have come here to chew bubblegum and kick ass. And I'm all out of bubblegum." -------------------------- Comparisons of sizes: W40k vs other models http://www.pbase.com/hammerbolt/compare |
Ads |
#2
|
|||
|
|||
File/folder security in Windows 8: a strange problem
"JR" wrote in message ... Hia folks My company has been testing Windows 8 at work. We're still running XP, but we want to slowly upgrade everyone . Since there's no point in going over 2 upgrades (XP - 7 - 8) we decided to "bite the bullet" and go W8 all the way. But the weird has been cropping up... Our latest is this: I'm setting up a PC for a user, call him USERBOB. I used my own user, ADMINJOE, to fully install and configure it. I also installed a sofware we use inhouse. And here is where things go weird... At the end of installing everything with DOMAIN\ADMINJOE, I rebooted and logged into the PC with DOMAIN\USERBOB; I then altered 2 config files of our software, but, when tried to save them, I got the message "acess denied"!! And I can't figure out why! How about a specific path to these files? I'm guessing either in \Windows or \Program Files (or \Program Files (x86) These are the current permissions DOMAIN\ADMINJOE is both network and local admin; installed all the software in the PC DOMAIN\USERBOB is a normal network user and local admin; Both the software folder AND the config files have the correct security settings: full access to local admins. I've also tried turning USERBOB into a network admin (to make it equal to mine), but no luck. When I try to copy+paste, or delete, a file in that folder, I get a message "you must supply administrator permission" before I can do it... which is odd, since the user IS a local admin... There is a difference between an account having admin level privileges and and actually executing something as admin. Just because a user is capable of admin level operations doesn't mean they are running with that level of rights at all times. Like in Linux (and Unix) just because you are logged in as "root" doesn't mean you can do system level tasks without first doing an "su" or "sudo". The proper answer is to modify the app so that it's "transient" files reside either in the users profile path (if user specific) or in the hidden folder structure \ProgramData. |
#3
|
|||
|
|||
File/folder security in Windows 8: a strange problem
How about a specific path to these files? I'm guessing either in \Windows or \Program Files (or \Program Files (x86) The files are in program files\softwarename There is a difference between an account having admin level privileges and and actually executing something as admin. Just because a user is capable of admin level operations doesn't mean they are running with that level of rights at all times. Like in Linux (and Unix) just because you are logged in as "root" doesn't mean you can do system level tasks without first doing an "su" or "sudo". The proper answer is to modify the app so that it's "transient" files reside either in the users profile path (if user specific) or in the hidden folder structure \ProgramData. So, if a user is part of the PC's "adminstrators" group, he still can't alter files in this directory? ---//--- "I have come here to chew bubblegum and kick ass. And I'm all out of bubblegum." -------------------------- Comparisons of sizes: W40k vs other models http://www.pbase.com/hammerbolt/compare |
#4
|
|||
|
|||
File/folder security in Windows 8: a strange problem
"JR" wrote in message ... How about a specific path to these files? I'm guessing either in \Windows or \Program Files (or \Program Files (x86) The files are in program files\softwarename As I suspected. There is a difference between an account having admin level privileges and and actually executing something as admin. Just because a user is capable of admin level operations doesn't mean they are running with that level of rights at all times. Like in Linux (and Unix) just because you are logged in as "root" doesn't mean you can do system level tasks without first doing an "su" or "sudo". The proper answer is to modify the app so that it's "transient" files reside either in the users profile path (if user specific) or in the hidden folder structure \ProgramData. So, if a user is part of the PC's "adminstrators" group, he still can't alter files in this directory? Not unless he\she elevates (the prompt you received). How is the system to know an action was taken on purpose and not malware? |
#5
|
|||
|
|||
File/folder security in Windows 8: a strange problem
On Mon, 29 Oct 2012 15:43:17 -0400, "Seth"
wrote: Not unless he\she elevates (the prompt you received). How is the system to know an action was taken on purpose and not malware? So, basically, even if 2 users are local admin, only the user that actually installed the software (and created the folders/files) can alter them? ---//--- "I have come here to chew bubblegum and kick ass. And I'm all out of bubblegum." -------------------------- Comparisons of sizes: W40k vs other models http://www.pbase.com/hammerbolt/compare |
#6
|
|||
|
|||
File/folder security in Windows 8: a strange problem
"JR" wrote in message ... On Mon, 29 Oct 2012 15:43:17 -0400, "Seth" wrote: Not unless he\she elevates (the prompt you received). How is the system to know an action was taken on purpose and not malware? So, basically, even if 2 users are local admin, only the user that actually installed the software (and created the folders/files) can alter them? No, even the person who did the installation has to\should be required to elevate when altering files in protected locations. That's why they are protected locations. Again, how is the system to know an alteration is on purpose and not malware? |
#7
|
|||
|
|||
File/folder security in Windows 8: a strange problem
On Mon, 29 Oct 2012 16:27:19 -0400, "Seth"
wrote: No, even the person who did the installation has to\should be required to elevate when altering files in protected locations. That's why they are protected locations. Again, how is the system to know an alteration is on purpose and not malware? True. Then again, it does kinda defeat the whole idea of seting folder security. What's the point, if even admins can't get it?... ---//--- "I have come here to chew bubblegum and kick ass. And I'm all out of bubblegum." -------------------------- Comparisons of sizes: W40k vs other models http://www.pbase.com/hammerbolt/compare |
#8
|
|||
|
|||
File/folder security in Windows 8: a strange problem
"JR" wrote in message news On Mon, 29 Oct 2012 16:27:19 -0400, "Seth" wrote: No, even the person who did the installation has to\should be required to elevate when altering files in protected locations. That's why they are protected locations. Again, how is the system to know an alteration is on purpose and not malware? True. Then again, it does kinda defeat the whole idea of seting folder security. What's the point, if even admins can't get it?... Because that's the wrong place to do it. Do it in the right location and this isn't a problem. Changing the file level permissions doesn't change that it's part of a "protected path". |
Thread Tools | |
Display Modes | Rate This Thread |
|
|