• Status: Solved

Application access rights on file system

Is it possible to let an application have more access rights than the current user?

I don't want the user to have even read access to certain files on a file server but the application the user is allowed to run should have read/write access.

Is it, for example, possible for an application to log in as a different user?

Clients are W2k, servers NT or W2K.

Thanks
Michael
Asked by: mrachow
 
jhance Commented:
Yes, there are a couple of ways:

1) If your application is implemented as a SERVICE, it runs under the "SYSTEM" account (typically) which has full rights over the local machine.

2) You also have the CreateProcessAsUser() or ImpersonateLoggedOnUser() APIs that can be used to get access rights as another user.
 
mrachow (Author) Commented:
Hi jhance,

My application is too big to be started as a service itself. In addition, I think I will not have access to the needed API from my application directly.

So I would need small shell programs (service or frame application implementing ImpersonateLoggedOnUser() for example).

The final question is then: If my application is started by a service or a small program which uses ImpersonateLoggedOnUser() will my application inherit the process environment including the access rights from the calling service or frame program?

Thanks
Michael
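An added example, not code posted by anyone in this thread: a small launcher routine of the kind discussed above, using CreateProcessAsUser() so that the child process itself runs under a dedicated account. The function name `launch_as` and its result codes are hypothetical, and LogonUser(), which is not mentioned in the thread, is the Win32 call assumed here for obtaining the account's token; the caller is assumed to be a service running as SYSTEM.

```c
/* Added example, not code from the thread. Win32 only; on any other
 * platform launch_as() reports LAUNCH_UNSUPPORTED so the file compiles. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#endif

enum launch_result { LAUNCH_OK, LAUNCH_BAD_ARGS, LAUNCH_LOGON_FAILED,
                     LAUNCH_CREATE_FAILED, LAUNCH_UNSUPPORTED };

/* Start cmdline in a new process whose primary token belongs to the
 * dedicated account (hypothetical: the account named in the file ACLs).
 * cmdline must point to writable memory. */
enum launch_result launch_as(const char *user, const char *domain,
                             const char *password, char *cmdline)
{
    if (!user || !*user || !password || !cmdline || !*cmdline)
        return LAUNCH_BAD_ARGS;
#ifdef _WIN32
    HANDLE token = NULL;
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    enum launch_result rc = LAUNCH_OK;

    /* On Windows 2000 the caller needs SE_TCB_NAME to call LogonUser. */
    if (!LogonUserA(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &token))
        return LAUNCH_LOGON_FAILED;

    /* ImpersonateLoggedOnUser(token) would change only the calling
     * thread's identity: a child started with plain CreateProcess()
     * still receives the caller's own primary token. Passing the token
     * to CreateProcessAsUser is what gives the child the account. */
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);
    if (!CreateProcessAsUserA(token, NULL, cmdline, NULL, NULL, FALSE, 0,
                              NULL, NULL, &si, &pi)) {
        rc = LAUNCH_CREATE_FAILED;
    } else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    CloseHandle(token);
    return rc;
#else
    (void)domain;
    return LAUNCH_UNSUPPORTED;
#endif
}
```

The account's password has to be kept where the logged-on user cannot read it, otherwise the file restriction is bypassed. A GUI child also needs access to the interactive window station and desktop, which this routine does not arrange.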
 
DavidWilkinson Commented:
This is probably no help (because you don't want the logged on user to have these rights), but if you hold down shift and right click on the application you want to run you get a 'Run-As' option on the menu - this can be used to give the application greater rights than the user currently logged on - but the user details have to be entered, hence the user running the program needs to know logon details which gives access to the protected files !!!

I'm not sure if there's an API call which could do this automatically - but I'd have thought there would be !!

Hope this helps

Dave
 
jhance Commented:
>>and have been rewarded with a grade of C.

Don't expect to receive follow-on help when you treat experts with contempt.  Nobody forced you to accept my comment as an answer.  If it was unclear or incomplete you had every opportunity to ask for clarification.
 
mrachow (Author) Commented:
Sorry for that jhance,

Because you had become that angry, I have had a look at the complete explanation of grade C.
>>
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
<<
After reading that I understand that you are angry with me.
Finally, the shorthand tip - when selecting a grade - I had not found as bad as the complete explanation.

Sorry again.

Michael
Question has a verified solution.