Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Application access rights on file system

Posted on 2002-05-06
5
139 Views
Last Modified: 2010-04-13
Is it possible to let an application have more access rights than the current user?

I don't want the user to have even read access to certain files on a file server but the application the user is allowed to run should have read/write access.

Is it for examples possible for an application to login as a different user?

Clients are W2k, servers NT or W2K.

Thanks
Michael
0
Comment
Question by:mrachow
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 100 total points
ID: 6991023
Yes, there are a couple of ways:

1) If your application is implemented as a SERVICE, it runs under the "SYSTEM" account (typically) which has full rights over the local machine.

2) You also have the CreateProcessAsUser() or ImpersonateLoggedOnUser() APIs that can be used to get access rights as another user.
0
 
LVL 1

Author Comment

by:mrachow
ID: 6991080
Hi jhance,

My application is to big, to be started as a service itself. In addition I think I will not have access to the needed API from my application directly.

So I would need small shell programs (service or frame application implementing ImpersonateLoggedOnUser() for example).

The final question is then: If my application is started by a service or a small program which uses ImpersonateLoggedOnUser() will my application inherit the process environment including the access rights from the calling service or frame program?

Tnaks
Michael
0
 

Expert Comment

by:DavidWilkinson
ID: 6992526
This is probably no help (because you don't want the logged on user to have these rights), but if you hold down shift and right click on the application you want to run you get a 'Run-As' option on the menu - this can be used to give the application greater rights that the user currently logged on - but the user details have to be entered, hence the user running the program needs to know logon details which gives access to the protected files !!!

I'm not sure if there's a API call which could do this automatically - but i'd have thought they would be !!

Hope this helps

Dave
0
 
LVL 32

Expert Comment

by:jhance
ID: 7000959
>>and have been rewarded with a grade of C.

Don't expect to receive follow-on help when you treat experts with contempt.  Nobody forced you to accept my comment as an answer.  If it was unclear or incomplete you had every opportunity to ask for clarification.
0
 
LVL 1

Author Comment

by:mrachow
ID: 7001057
Sorry for that jhance,

Because you had become that angry I have had a look a the complete explanation of grade C.
>>
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
<<
After reading that I uderstand that you are angry about me.
Finally the short hand tip - when selecting a grade - I don't had found that bad as the complete explanation.

Sorry again.

Michael
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Recovering backup .Qic files on Windows 7 6 2,265
Norton Ghost for Windows NT 5 1,491
create a second domain controller and then make primary controller 9 553
Building AD from Scratch 5 136
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question