Clobber my permissions please

Discussion in 'other software & services' started by Gullible Jones, Jul 17, 2012.

Thread Status:
Not open for further replies.
  1. So, testing out my SRP setup, I copy a small portable game to C:\Program Files - elevating privileges via UAC.

    What I expect: equivalent of UNIX 'cp -R', with the game folder becoming writable only to admins (i.e. after UAC privilege elevation).

    What actually happens: equivalent of UNIX 'cp -a', with the game folder retaining all of its original permissions, and leaving a gaping hole in my SRP armor. I was even able to delete the game without elevating again.

    Is there a registry setting for this?
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Ask yourself a question.

    What account created the directory. Who owns the directory then? Is the admin and user credentials one and the same, as far as ownership is concerned?

    Just a hunch.

    Sul.
     
  3. NoDefaultAdminOwner again? Yes, that looks like it. Stupid of me to miss that, I thought Microsoft had eliminated the need for it in Windows Vista/7.

    I'm guessing that, while it may have been convenient, combining SRP with a UAC limited admin account was not actually such a bright idea?
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I guess that depends on how you configure your system. If the owner is always the admin group, a lot of it will work I would imagine, although I haven't really tried it that way.

    I wish there were custom install options you could use when installing the OS, things would be so much easier and cleaner right from the beginning. One such option I would use would the be the default owner. Unless you "roll your own" install you don't get that.

    I have never understood why the worlds predominant OS would not have advanced install options so you could modify settings prior or during install. They make it difficult to do so. Its not like the average user is going to use advanced features they don't understand. Most are able to install and thats about it.

    Go figure. But as to your project, I would keep at it if I were you. If it doesn't work out, I would imagine you will have learned a lot in the process, and that would be worth it, to me anyway.

    Sul.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I hope I'm not misunderstanding your situation, but from what I could understand you're running under a Protected Adminstrator account (= Admin + UAC)?

    If that's the case, then when you login, you'll have two tokens: one for the admin and one for the standard user/protected admin.

    Program Files should be off limites to standard user/protected admin. Only when elevating to Admin you should be able to write to Program Files.

    I don't own your system, so I don't know what's going on there, but I can share a little experience that I had with my ISP's software. When I installed it, it gave Users group FULL permissions to its folder in Program Files. o_O

    But, since you copied and pasted the folder to Program Files, you as the Protected Admin (= limited user) should not be able to write to Program Files. You should only have Read and Execution permissions.

    I never heard of issues between Protected Admin and SRP... :blink:

    Is it possible that something else happened? Maybe giving the wrong permissions to that folder? No idea.

    Anyway, this is why I like to use Sysinternals AccessChk once in a while to check permissions.
     
Loading...
Thread Status:
Not open for further replies.