Solved

Application access rights on file system

Posted on 2002-05-06
5
140 Views
Last Modified: 2010-04-13
Is it possible to let an application have more access rights than the current user?

I don't want the user to have even read access to certain files on a file server but the application the user is allowed to run should have read/write access.

Is it for examples possible for an application to login as a different user?

Clients are W2k, servers NT or W2K.

Thanks
Michael
0
Comment
Question by:mrachow
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 100 total points
ID: 6991023
Yes, there are a couple of ways:

1) If your application is implemented as a SERVICE, it runs under the "SYSTEM" account (typically) which has full rights over the local machine.

2) You also have the CreateProcessAsUser() or ImpersonateLoggedOnUser() APIs that can be used to get access rights as another user.
0
 
LVL 1

Author Comment

by:mrachow
ID: 6991080
Hi jhance,

My application is to big, to be started as a service itself. In addition I think I will not have access to the needed API from my application directly.

So I would need small shell programs (service or frame application implementing ImpersonateLoggedOnUser() for example).

The final question is then: If my application is started by a service or a small program which uses ImpersonateLoggedOnUser() will my application inherit the process environment including the access rights from the calling service or frame program?

Tnaks
Michael
0
 

Expert Comment

by:DavidWilkinson
ID: 6992526
This is probably no help (because you don't want the logged on user to have these rights), but if you hold down shift and right click on the application you want to run you get a 'Run-As' option on the menu - this can be used to give the application greater rights that the user currently logged on - but the user details have to be entered, hence the user running the program needs to know logon details which gives access to the protected files !!!

I'm not sure if there's a API call which could do this automatically - but i'd have thought they would be !!

Hope this helps

Dave
0
 
LVL 32

Expert Comment

by:jhance
ID: 7000959
>>and have been rewarded with a grade of C.

Don't expect to receive follow-on help when you treat experts with contempt.  Nobody forced you to accept my comment as an answer.  If it was unclear or incomplete you had every opportunity to ask for clarification.
0
 
LVL 1

Author Comment

by:mrachow
ID: 7001057
Sorry for that jhance,

Because you had become that angry I have had a look a the complete explanation of grade C.
>>
C: Because Experts' reliability are often judged by their grading records, many Experts would like the opportunity to clarify if you have questions about their solutions. If you have given the Expert(s) ample time to respond to your clarification posts and you have responded to each of their posts providing requested information; or if the answers, after clarification, lack finality or do not completely address the issue presented, then a "C" grade is an option. You also have the option here of just asking Community Support to delete the question.
<<
After reading that I uderstand that you are angry about me.
Finally the short hand tip - when selecting a grade - I don't had found that bad as the complete explanation.

Sorry again.

Michael
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question