E
Eric R. Renken
In Windows Vista they have locked down the security of the %alluserprofile%
directory C:\ProgramData, the problem is we use this directory in our
program for logging as that is a place at least in XP where all
BUILTIN\Users accounts can write to. Well in Vista that isn't the case
anymore. You can read and view other peoples data, but you can't write to
it.
The problem comes into play when Bob is logged into the Vista computer and
runs our application. This creates the log files and everything works
great. Then along comes Jan, and she logs into the computer and tries to
run our application. Well needless to say our application blows up in a
blaze of glory because she can't write to the log files as they are secured
for only Bob.
I have been trying to find a way that during our setup I could set the
permissions on C:\ProgramData\Exaktime and give the BUILTIN\Users Write and
Modify permissions. I have tried using the command line program ICACLS, but
that doesn't work completely. Here is what I have tried:
ICACLS "C:\ProgramData\Exaktime" /grant:r BUILTIN\Users
W,M) /T
This works great for all the files that are currently in that directory and
if they were created by the user running the script. Even running it with
elevated permissions I get an "Access Denied" on files created by other
users.
What this command line does is set the permissions Write and Modify on all
the files in this directory and its subfolders however I need this
permission set on the directory level so new files that are created in this
directory also get the Write and Modify permissions for the BUILTIN\Users.
If I create manually put Modify and Write on the folder and then create a
new file in that folder I see that the file does inherit those permissions,
so it should work, but I just don't to have to have all our end users set
those permissions manually.
I have looked at the VB script XCALS, but I want to set this from our
Installer and I really don't want to have to pass XCALS around just to do
this. Seems like ICACLS or something should be able to do this easily.
Thanks for any help.
Eric Renken
directory C:\ProgramData, the problem is we use this directory in our
program for logging as that is a place at least in XP where all
BUILTIN\Users accounts can write to. Well in Vista that isn't the case
anymore. You can read and view other peoples data, but you can't write to
it.
The problem comes into play when Bob is logged into the Vista computer and
runs our application. This creates the log files and everything works
great. Then along comes Jan, and she logs into the computer and tries to
run our application. Well needless to say our application blows up in a
blaze of glory because she can't write to the log files as they are secured
for only Bob.
I have been trying to find a way that during our setup I could set the
permissions on C:\ProgramData\Exaktime and give the BUILTIN\Users Write and
Modify permissions. I have tried using the command line program ICACLS, but
that doesn't work completely. Here is what I have tried:
ICACLS "C:\ProgramData\Exaktime" /grant:r BUILTIN\Users
W,M) /TThis works great for all the files that are currently in that directory and
if they were created by the user running the script. Even running it with
elevated permissions I get an "Access Denied" on files created by other
users.
What this command line does is set the permissions Write and Modify on all
the files in this directory and its subfolders however I need this
permission set on the directory level so new files that are created in this
directory also get the Write and Modify permissions for the BUILTIN\Users.
If I create manually put Modify and Write on the folder and then create a
new file in that folder I see that the file does inherit those permissions,
so it should work, but I just don't to have to have all our end users set
those permissions manually.
I have looked at the VB script XCALS, but I want to set this from our
Installer and I really don't want to have to pass XCALS around just to do
this. Seems like ICACLS or something should be able to do this easily.
Thanks for any help.
Eric Renken