|
Like I said before, you should really not be writing into Windows\System32. There are plenty of locations which would save you all this aggravation, and indeed the estimable OrignalGriff has an article which may be of some use: Where should I store my data?[^], and yes I know it's about data.
|
|
|
|
|
Sounds simple and easy.
So what do you suggest that I do, when the user opens a command window and asks the utility to genereate the file setenv.bat? Should I say: "Sorry, I can't do what you ask of me - even though you have write permission to that directory?"
I am not making the choice where to store the data. The user is. The user is, inadvertently because that is where cmd.exe by default sends him, in System32. The user has write access. The file is deleted after a second in any case, after the script is run.
You shouldn't store .bat files, not even for a second, in C:\ either. If the user nevertheless asks for it, it works, without. Should the utilty say, when the user says "Use C:\", in a similar manner say "Sorry, I am not willing to do that for you; you shouln't be puttng files there"?
It is so simple to say "You shouldn't do that". When the user says "Do it!" you may blame the user, or you may blame the utility doing what it is being asked to. Or you may say: OK, if the user asks to use that directory, and permissions are OK, then the user asked for it, the user got it!
You may go out on a mission to explain (or maybe "excuse") to all users of the world the underlaying reasons for why their files disappear into that black SysWOW64 hole, so that every user understands that where cnd.exe by default sends them, is to a place where they shouldn't be, and shouldn't touch anything unless they are computer experts. Then you have cleansed your hands and can say: We have told you not to be in that place where we sent you! So get out of there! This is logical, da*mit! Get out of there, now!
Arguing like that to users make you sound like a Unix guru... 
|
|
|
|
|
Just make sure you generate your .bat file somewhere that is not going to cause problems, as suggested in OriginalGriff's Tip. It's no good saying the error is caused by the user's lack of knowledge, it is your responsibility to protect the user from him/herself.
|
|
|
|
|
|
|
OK... Here's the issue:
I've been tasked with migrating my company's kiosk music system from Windows 7 to Windows 10. We currently have about 40 machines out on rental.
The machines are not internet-connected, and the kiosk launcher runs in a restricted "standard" user account, and uses Parental Controls and Group Policies to maintain its security. I'm currently rewriting the launcher shell in C#/.NET 4.6.2 following MS current security policy guidelines.
The main music player app and its registration plugin were written (not by me!) nearly 10 years ago for Windows Vista, and needs read/write access to several files in %programfiles% folder and to registry keys in both HKLM and HKCU. We no longer have the original source code, and the company will not authorise a complete rewrite (despite my protestations!).
In Windows 7, I simply disabled UAC across the entire system, and set the music player app and its registration plugin "Run As Administrator" for all accounts. That has worked for us for 7 years now, and caused us no security issues, due to the machines being "locked down" in so many other ways.
With the advent of Windows 10, "Run As Administrator" results in the user being prompted for an administrator password every time the music player is started. I've failed completely to disable UAC on the standard restricted user account. Here's all the suggestions which haven't worked:
1) Drop the UAC slider to the bottom in the main Administrator account. This disables UAC on all Admin accounts, but not on standard ones.
2) Change "EnableLUA" to zero in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Same result as 1)
3) Create a shortcut to the music player EXE including the administrator password... Basically Aaaaaaargh! That would risk exposing the machine's administrator password and break our other security.
4) Create a task in Task Scheduler to run the app with administrator permissions. This is impractical because the machine administrator password has to be written into the task. All 40 machines have unique passwords, and there is no "automatic" way of writing that into the task. The systems need to be upgradeable with a sysprep'd clone. It also risks exposing the admin password to "local hackers" same as 3).
5) Write the "Run As Administrator" along with the password into the kiosk launcher shell prior to compilation. Gets around the chance of exposing the password, but I'd need to recompile the launcher for each machine, because they all have unique passwords.
It has been suggested that there may be extra Group Policy settings available to disable UAC completely in the Enterprise edition of Windows 10, but nobody seems to be able to confirm that, and in any case I'd be unlikely to get my company to fork out for 40 copies of Enterprise!!!
I can't believe that no one has yet found a way to completely disable UAC in Windows 10, but googling the issue has produced no workaround which is usable for our systems.
PLEASE... Has anyone managed to crack this issue yet? I'm sure I'm not the only person in need of a "fix" for this.
Thanks.
|
|
|
|
|
|
Thanks for your reply, Richard, and apologies for taking so long to reply. Unfortunately I didn't get a notification.
Unfortunately, the "Do not store password" option probably won't work, because it will then request an admin password whenever the app is started.
I'll have a look through the other links you've supplied. It looks like quite a steep learning curve, but I guess nothing worth doing was ever "easy"! 
It amazes me that no one has found a way to totally disable UAC in Windows 10 yet. It seems to be something that a lot of users need to do in order to provide backward compatibility for "badly written" old apps. It's all very well Microsoft trying to push us towards better security practices, and I agree that we need eventually to rewrite some of those dodgy old apps, but I don't know any company which can afford to ditch 15 years of R&D and go back to the drawing board in the few months we're being given, especially with the Intel gen7 processors refusing to install any older OS!
|
|
|
|
|
djdynamix wrote: Unfortunately, the "Do not store password" option probably won't work, because it will then request an admin password whenever the app is started.
It probably won't. It just runs the task as the administrator, but without elevated access to network resources.
If you select the checkbox labeled Do not store password , Task Scheduler will not store the credentials supplied on the local computer, but will discard them after properly authenticating the user. When required to run the task, the Task Scheduler service will use the "Service-for-User" (S4U) extensions to the Kerberos authentication protocol to retrieve the user's token.
When using S4U the ability of the service to use the security context of the account is constrained. In particular, the service can only use the security context to access local resources.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks again Richard. I appreciate your help. I've now solved the problem.
What I did was to download the Compatibility Assistant from MSDN, and created and installed a .sdb compatibility shim, with the setting "Run As Invoker".
Everything now works exactly as it did under Windows 7.
Thanks again.
Ian
|
|
|
|
|
No. 6) app.manifest
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<pre>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel node will disable file and registry virtualization.
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="requireAdministrator"
uiAccess="false" />
</requestedPrivileges>
</security>
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
|
|
|
|
|
Thank you for your response, but I was not able to use an app manifest as I had no access to the source code. I've now solved the problem. Please refer to my response to Richard Deeming's reply if you'd like to know how I did it. Thanks again.
|
|
|
|
|
Anyone out there with some experience on network file transfers with Windows?
On my Windows Xp, Windows 7, Windows 10 machines I have scripts that build release folders for Windows CE and Windows Embedded Compact 7. In the past, I stayed on my local VM - Windows Xp, and all was well. Due to progress, I have to push files from my Windows Xp VM to either a shared drive on the desktop (same machine), a network drive or a new Windows 10 laptop.
The folders are shared between machines, so I expect I could copy and paste, or run a DOS script. But every transfer drops important OS files - like hive files for the registry.
I have a work around - zip up the dir, copy to where it needs to go, and expand, but really?
Edit: so, thinking I would work around things, I zipped up my release folders on Xp, coped the zip file to my Win7 machine and then pulled it to my Windows 10 laptop that will do the final build. No registry files.
It's all on local machines
Is there a setting I don't know about?
SFMS
Charlie Gilley
<italic>Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
modified 16-Mar-17 23:22pm.
|
|
|
|
|
Damn you Microsoft, damn you to whatever hell you choose, and I hope its hot. With windows 10 you add a new "hide protected operating system files" down underneath where it has always been?
Screw damnation, I have a 2x4 I want to apply to some heads.... ffs
Charlie Gilley
<italic>Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
Hmmm,
You do realize that this is how Windows Explorer has worked for over 25 years right? I am fairly certain that this was a typical PEBCAK error[^].
Best Wishes,
-David Delaune
|
|
|
|
|
A code signing application I have developed can be downloaded for free using this link. It allows code signing using a .pfx certificate file with minimum hassle. Hope you enjoy it. Comments and suggestions are always welcome.
- Michael Haephrati מיכאל האפרתי
|
|
|
|
|
It may be free and simple, but does not run as is... It has dependencies (like MFC) not found on simple installation... You may want to pack it and post here: Free Tools Discussion Boards[^]
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Dependencies? Strange. I compiled it with MFC as a static library.
- Michael Haephrati מיכאל האפרתי
|
|
|
|
|
On clean installation I have "The program can't start because mfc120u.dll is missing...", on other computers it works smoothly...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
I can fix that. No problem
- Michael Haephrati מיכאל האפרתי
|
|
|
|
|
Then you should post this in Free Tools, or write an article about it.
|
|
|
|
|
Done that already
- Michael Haephrati מיכאל האפרתי
|
|
|
|
|
How can I convert audio file (any format, wav , m4a, mp3) to flac format with c#
Is there any nuget package I found this package FLAC.WindowsRuntime
But how can I used to convert to flac format ??
modified 7-Sep-16 5:25am.
|
|
|
|
|
I had DVDvideosoft audio converter. It can convert mp3 and wav files to flac files.
|
|
|
|
|
Hello there. I am thinking to avail this free Windows 10 upgrade offer from Microsoft. I am running Windows 8.1 with all these softwares, development IDEs and database servers installed on my machine.
Question: If I upgrade to Windows 10, how many problems should I expect to run into? Will I be able to run all the existing developed software without any major manual setting?
Thanks.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
