?
Solved

How do you copy/create files in C:\ root directory

Posted on 2011-04-28
18
Medium Priority
?
1,132 Views
Last Modified: 2013-12-04
I have a third-party command line application that we run via a batch file.  It converts stock trading data from one application for use in another.  The batch file is very simple and works just fine if you have administrative privileges on the PC.

I believe this application fails because a lack of priveleges causes the creation of a log file to fail.  The user that needs to run this is simply a standard user and cannot run the application because one of the first things that it does is create a log file in the C:\ directory.  This user cannot create files in C:\ without getting prompted to supply Administrator credentials.

This user is the reckless type where things stop suddenly working and claims nothing was changed/installed/modified, etc.  There is no way I can trust this person with administrative privileges.

Is there a way to grant file create/write to the C:\ without disabling UAC or changing the user's privileges?
0
Comment
Question by:crickard62
  • 6
  • 2
  • 2
  • +4
16 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 35485920
Any chance you can have the application run as a different user?
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 35485932
You can use task scheduler to run the bat at logon using admin credentials, or change the directory it writes to to a place the user has permissions.
0
 
LVL 7

Expert Comment

by:namol
ID: 35486053
Just change the directory to temp directory or has that been restricted to the user also? %TMP% and %TEMP% are the window's temp directory variables.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:crickard62
ID: 35487133
@mattvmotas - No unfortunately that is not an option.

@xuserx2000 - I am already pursuing where the log writes with the third party vendor.

@namol:  Until I hear otherwise from the vendor, there is no apparent way to redirect where there log is created.  Both of the environment vars that you mention point to C:\Users\<username>\AppData\Local\Temp so I don't believe that's the issue.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 35487346
Is it always the same filename?  Could you create a zero length file and give the user rights to just that file?
0
 

Author Comment

by:crickard62
ID: 35491506
Yes the file name is always the same but the log is transient in that it only exists while the program runs and gets deleted if there are no errors logged.
0
 
LVL 44

Expert Comment

by:Davis McCarn
ID: 35517962
Does it have to run on C?
Change it to another drive letter, create a folder, share it, map it as the drive letter, and give him permissions.
0
 
LVL 44

Expert Comment

by:Davis McCarn
ID: 35517966
Rats; and see if it works when you copy the program to the mapped drive and run it there.
0
 
LVL 6

Expert Comment

by:Melannk24
ID: 35695293
What about the Virtual Store?

File virtualization addresses the situation where an application relies on the ability to store a file, such as a configuration file, in a system location typically writeable only by administrators. Running programs as a standard user in this situation might result in program failures due to insufficient levels of access.

When an application writes to a system location only writeable by administrators, Windows then writes all subsequent file operations to a user-specific path under the Virtual Store directory, which is located at %LOCALAPPDATA%\VirtualStore. Later, when the application reads back this file, the computer will provide the one in the Virtual Store. Because the Windows security infrastructure processes the virtualization without the application’s assistance, the application believes it was able to successfully read and write directly to the protected area. The transparency of file virtualization enables applications to perceive that they are writing and reading from the protected resource, when in fact they are accessing the virtualized version.
0
 

Author Comment

by:crickard62
ID: 35695409
@DavisMcCarn:  the program already runs from a mapped drive.  It appears that the application assumes that there will always be a C:\ drive and creates the log there.

@Melannk24: I see what you are getting at but the app does not appear to behave the way you describe. It is my understanding that under WIndows 7 (and Vista) even users with administrative privileges run apps as standard users and if more juice is needed UAC prompts for administrative privileges.  This application never tries to execute at a level requiring more privilege.  It just tries to run and fails around the time that the log file creation attempot on C:\ fails.   I am not sure what else to do with the information you provided. If you can elaborate I'd appreciate it.
0
 
LVL 6

Expert Comment

by:Melannk24
ID: 35698934
You are correct that in Vista and 7 even Admin users run apps as standard users, but the behavior of the virtual store depends on the application attributes.  Have you tried changing the properties of the application itself to "Run as Administrator", supply the credentials and run in XP service pack 2 mode?  This could force the behavior I was stating before in which the application may not fail and think it's writing to the protected area when it's being redirected to the virtual store of the user's profile.  The only thing is you would probably have to use a  vb script to supply the credentials because it will prompt the user.  Using a vb script can allow you to launch the batch file with the credentials you supply and it would only apply to that file allowing you to keep the user as "standard".  If you are interested in a sample script, I can throw one your way to test with and you can see what results you get.

Do you know if the application is marked with a run level in its manifest?  Because if it does, Windows will disable data redirection by default.  
0
 

Author Comment

by:crickard62
ID: 35701627
So I tried installed the executable on the C: drive so that I could apply "Run As Administrator" and XP compatibility mode to the executable but no joy.  The application failed in the same place.

I am beginning to think there is no solution to this problem short of granting this user Administrative privileges...
0
 

Author Comment

by:crickard62
ID: 35701678
After the user left, I granted him Administrative privileges and successfully ran the application.  So there is no doubt in my mind about this being a permissions issue.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 35701867
If you create a scheduled task, ...with no schedule... pointing to the executable, and supplying admin credentials to the task...  a regular user could be give permission to RUN the task, which launches the program in admin credentials.  You can even put a shortcut on the desktop to run the scheduled task.

This would allow them to run as an admin, but not see what credentials they are running under.
0
 

Accepted Solution

by:
crickard62 earned 0 total points
ID: 35747217
I solved this problem using a product called PowerBroker® Desktops v5.0 by BeyondTrust to elevate the privileges of this application.  This program somehow determines what privileges the program needs to properly operate and applies them accordingly.

Thanks to everyone for their suggestions.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 35929300
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses
Course of the Month14 days, 8 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question