File ownership for legacy installer programs

Discussion in 'Windows Vista Security' started by Roof Fiddler, Sep 5, 2006.

  1. Roof Fiddler

    Roof Fiddler Guest

    If I run as an administrative user a legacy installer program for a program
    which stores user settings and data in its own directory, then the files and
    directories it creates are owned by and accessible to that user, and the
    program runs correctly as that user. But if I run the installer as a regular
    user, and then enter an admin user's password in the UAC dialog when the
    program needs to elevate its privileges, will the files and directories
    which it creates be owned by the regular user or the admin user? Will they
    by default at least be set as writeable by the regular user?

    I've read that Vista has a compatibility mode by which programs which try to
    write data to their own program directories while running as ordinary users
    will have that data transparently written instead to a union directory under
    the user's own home directory so that the program will work properly on
    Vista, but even when I enable compatibility mode in the program's settings,
    I can't get Palm's desktop software to work under a user account. Even more
    oddly, it won't work even if I run it with the "run as administrator" option
    in a regular user account.
    Are there any known problems with the union directory feature on Vista build
    Roof Fiddler, Sep 5, 2006
    1. Advertisements

  2. Roof Fiddler

    Jimmy Brush Guest


    They will be owned by the administrators group.
    No. They will only inherit the permissions marked as inheritable from the
    parent folder. For most folders, this is Normal users read-only,
    administrative users full control. The only folder normal users have write
    access to is their user profile directory.

    You will need to manually edit security to allow a user write-access to a
    folder outside of their user profile directory.
    The "Virtualization" compatability mode is enabled for 32-bit programs that
    were not designed for Windows Vista and are not running as administrator.
    This mode will silently redirect programs that save things to
    HKEY_LOCAL_MACHINE and certain folder locations such as program files to the
    user's profile directory.

    Due to the way virtualization is designed, it can cause problems in certain
    situations. For example, a program that relies on a certain file being
    writable from different user accounts will behave unexpectedly, since each
    user will have their own copy of that file and will not see changes made
    from other user accounts.

    Virtualization also causes problems if you are dual-booting and wanting to
    share config files for certain applications between Vista and the other
    operating system.

    Based on what you described with Palm's desktop software, I do not believe
    virtualization is the culprit, as running the program "as administrator"
    disables virtualization, and this would have allowed the program to work.
    Jimmy Brush, Sep 6, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.