Solved

Application access rights on file system

Posted on 2002-05-06
5
141 Views
Last Modified: 2010-04-13
Is it possible to let an application have more access rights than the current user?

I don't want the user to have even read access to certain files on a file server but the application the user is allowed to run should have read/write access.

Is it for examples possible for an application to login as a different user?

Clients are W2k, servers NT or W2K.

Thanks
Michael
0
Comment
Question by:mrachow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 100 total points
ID: 6991023
Yes, there are a couple of ways:

1) If your application is implemented as a SERVICE, it runs under the "SYSTEM" account (typically) which has full rights over the local machine.

2) You also have the CreateProcessAsUser() or ImpersonateLoggedOnUser() APIs that can be used to get access rights as another user.
0
 
LVL 1

Author Comment

by:mrachow
ID: 6991080
Hi jhance,

My application is to big, to be started as a service itself. In addition I think I will not have access to the needed API from my application directly.

So I would need small shell programs (service or frame application implementing ImpersonateLoggedOnUser() for example).

The final question is then: If my application is started by a service or a small program which uses ImpersonateLoggedOnUser() will my application inherit the process environment including the access rights from the calling service or frame program?

Tnaks
Michael
0
 

Expert Comment

by:DavidWilkinson
ID: 6992526
This is probably no help (because you don't want the logged on user to have these rights), but if you hold down shift and right click on the application you want to run you get a 'Run-As' option on the menu - this can be used to give the application greater rights that the user currently logged on - but the user details have to be entered, hence the user running the program needs to know logon details which gives access to the protected files !!!

I'm not sure if there's a API call which could do this automatically - but i'd have thought they would be !!

Hope this helps

Dave
0
 
LVL 32

Expert Comment

by:jhance
ID: 7000959
>>and have been rewarded with a grade of C.

Don't expect to receive follow-on help when you treat experts with contempt.  Nobody forced you to accept my comment as an answer.  If it was unclear or incomplete you had every opportunity to ask for clarification.
0
 
LVL 1

Author Comment

by:mrachow
ID: 7001057
Sorry for that jhance,

Because you had become that angry I have had a look a the complete explanation of grade C.
>>
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
<<
After reading that I uderstand that you are angry about me.
Finally the short hand tip - when selecting a grade - I don't had found that bad as the complete explanation.

Sorry again.

Michael
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question