Re: Permissions again




But if I try to delete the file from VB code, from the IDE I can,
because it runs as admin, but compiled I get error 75, error in access to
file or folder.

So?

And if I manually delete the file, the UAC pops up for confirmation.


I got to looking at your code last night, and
also testing further on Win7. What I've found is
this:

On Win7 with UAC set high I get access denied
(error 5) when trying to set permissions for Users.
With UAC set low it works. In both cases it's
Admin. If I use right-click Run As Admin it works
OK.

While UAC is messing things up, the permissions
values I get when checking permissions are accurate,
and the error 5 coming from SetNamedSecurityInfo
provides a way to tell whether there are not sufficient
rights to change permissions. For my own purposes
that works well. I can set permissions...if it errors
I can show a message that it didn't work and advise
someone installing my software to restart setup
with Run As Admin.

I'm not sure whether that relates to what you're
seeing, but it sounds like both are cases of UAC
just blocking rather than prompting. I assume that's
due to not having a run-as-admin manifest.

After working with your code I finally figured out
what was going on there. MapGenericMask sets up
the flags in a long to And with the ACCESS_MASK.
The values, as you have them in accord with standard
practice, are like so:

READ     1179785  120089  00010010  0000 0000 1000 1001
WRITE    1179926  120116  00010010  0000 0001 0001 0110
EXECUTE  1179808  1200A0  00000010  0000 0000 1010 0000
ALL      2032127  1F01FF  00011111  0000 0001 1111 1111

(That shows the long, hex version, standard rights byte,
and specific rights byte.)

Here's the ACCESS_MASK for Users on a folder:
1179817 1200A9 00010010 0000 0000 1010 1001

And here it is for Admin:
203217 1F01FF 00011111 0000 0001 1111 1111

So far, so good. When you use MapGenericMask and
then And that with the returned ACCESS_MASK, you
get the right results. (Read/Execute for Users, All
permissions for Admin.)
But it turns out that the constants FILE_ALL_ACCESS,
FILE_GENERIC_READ, etc. only work for files/folders.
Here's the ACCESS_MASK value returned for a Registry
key:

Admin:
983103 00001111 0000 0000 0011 1111
Users:
131097 00000010 0000 0000 0001 1001

Note that the SYNCHRONIZE bit is never set
for Registry keys. (The H10 flag -- 5th bit up --
in the standard rights byte.)

And the specific flags are different. If I read the
standard flags then I get accurate results with
both folders and Reg. keys. But if I use the
official MS method with MapGenericMask on a
Registry key I find that I have no rights at all,
no matter who I am! Because the And doesn't
return a match, even though the standard rights
flags are set.
So it appears that using MapGenericMask would
require a different set of constants for the mask
with each object type.

As you noted before, the real difference
between rights and no rights is whether the write
bits (WRITE_DAC, WRITE_OWNER) are set:
0000**00 0000 0000 0000 0000

And that holds true *at least* for folders
and Reg. keys.
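
Added example (not part of the original post or the poster's code): a Python sketch of the per-object-type mask comparison discussed above, using the documented winnt.h constants for files and registry keys. The names granted, can_change_security and GENERIC_MAPPINGS are made up for this illustration.

```python
# Added illustration. Constants are the documented winnt.h values; the sample
# masks under __main__ are the ones quoted in the post.
WRITE_DAC = 0x00040000
WRITE_OWNER = 0x00080000

# What GENERIC_READ / WRITE / EXECUTE / ALL expand to for each object type.
GENERIC_MAPPINGS = {
    "file": {
        "READ": 0x120089,     # FILE_GENERIC_READ
        "WRITE": 0x120116,    # FILE_GENERIC_WRITE
        "EXECUTE": 0x1200A0,  # FILE_GENERIC_EXECUTE
        "ALL": 0x1F01FF,      # FILE_ALL_ACCESS
    },
    "key": {
        "READ": 0x20019,      # KEY_READ
        "WRITE": 0x20006,     # KEY_WRITE
        "EXECUTE": 0x20019,   # KEY_EXECUTE (defined equal to KEY_READ)
        "ALL": 0xF003F,       # KEY_ALL_ACCESS
    },
}


def granted(mask, object_type):
    """Generic rights whose every bit is present in mask, for this object type."""
    mapping = GENERIC_MAPPINGS[object_type]
    return [name for name, bits in mapping.items() if mask & bits == bits]


def can_change_security(mask):
    """The object-type-independent test from the post: WRITE_DAC and WRITE_OWNER."""
    need = WRITE_DAC | WRITE_OWNER
    return mask & need == need


if __name__ == "__main__":
    samples = [
        ("folder, Users", 0x1200A9, "file"),
        ("folder, Admin", 0x1F01FF, "file"),
        ("reg key, Admin, file constants (wrong mapping)", 0x0F003F, "file"),
        ("reg key, Admin, key constants", 0x0F003F, "key"),
        ("reg key, Users, key constants", 0x020019, "key"),
    ]
    for label, mask, kind in samples:
        print(f"{label}: {granted(mask, kind)} "
              f"change security: {can_change_security(mask)}")
```

The third sample reproduces the "no rights at all" result: every file constant includes SYNCHRONIZE and file-specific bits, so none is fully contained in a registry key mask.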

