Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

admin account vs user account in windows

Posted on 2004-04-19
3
227 Views
Last Modified: 2013-11-20
Hi,

I have a file in C:\Program Files\etc etc...

I never realized that I could read / write from these files without any issues simply because my user account had admin rights.

I am always refused access to these files if I use an account that does not have admin rights. Something like

Code:
CStdioFile file;

if (!file.Open("C:\\test.txt", CFile::modeReadWrite)) {
    cout << "couln't open file";
}
else {
    cout << "file opened ok";
}

will always fail in my non admin account. Is there anyway to tell the OS the user can access this file through my app?

Thanks
0
Comment
Question by:ragin_cajun
  • 2
3 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 10860721
As an admin, use

cacls.exe /e /g yourotheraccount:f c:\test.txt
0
 
LVL 1

Author Comment

by:ragin_cajun
ID: 10860878
Hi jkr, it seemed to work, but is there any way to do it programatically at runtime right before the file is accessed, then set back to normal access rights?

Otherwise I would have to ask the administrator to change the permission for all users on all the files accessed each time they do an install.

Thanks
0
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 10861493
>> but is there any way to do it programatically at runtime right before the file is accessed

That's sourt of pointless. When your program is not running under the admin account, you cannot change the access mode anyway. But, if you really want to know that:

   LPTSTR FileName = "C:\\test.txt";
   LPTSTR TrusteeName = "Everyone";

   DWORD InheritFlag = NO_INHERITANCE;
   ACCESS_MODE option = GRANT_ACCESS;
   EXPLICIT_ACCESS explicitaccess;

   PACL ExistingDacl;
   PACL NewAcl = NULL;
   PSECURITY_DESCRIPTOR psd = NULL;

   DWORD dwError;

   dwError = GetNamedSecurityInfo(
                       FileName,
                       SE_FILE_OBJECT,
                       DACL_SECURITY_INFORMATION,
                       NULL,
                       NULL,
                       &ExistingDacl,
                       NULL,
                       &psd
                       );

   BuildExplicitAccessWithName(
         &explicitaccess,
         TrusteeName,
         GENERIC_READ | GENERIC_WRITE | STANDARD_RIGHTS_ALL,
         SET_ACCESS,
         InheritFlag
         );

   //
   // add specified access to the object
   //

   dwError = SetEntriesInAcl(
           1,
           &explicitaccess,
           ExistingDacl,
           &NewAcl
           );

   //
   // apply new security to file
   //

   dwError = SetNamedSecurityInfo(
                   FileName,
                   SE_FILE_OBJECT, // object type
                   DACL_SECURITY_INFORMATION,
                   NULL,
                   NULL,
                   NewAcl,
                   NULL
                   );
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Whole sheet autoscrub still needed 19 51
lucky13 challenge 11 154
Window placement 17 87
Fibonacci challenge 11 133
This is to be the first in a series of articles demonstrating the development of a complete windows based application using the MFC classes.  I’ll try to keep each article focused on one (or a couple) of the tasks that one may meet.   Introductio…
Introduction: Load and Save to file, Document-View interaction inside the SDI. Continuing from the second article about sudoku.   Open the project in visual studio. From the class view select CSudokuDoc and double click to open the header …
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question