How do I create a file in VC++ 6.0 when UAC is on?

Question

How do I create a file in C++ when UAC is on, but with out running as administrator?

I'm trying to create a text file in the following path: "C:\Programdata\Desktop" in VC++ 6.0 when Vista's UAC is on. However, Createfile(...) failed with 'permission denied'.

When I run the sample application with "run as administrator" it works. But my sample application should not "run as administrator".

Is there any API to give permission to the above path, when UAC is on?

sample code: const nSize = 100; CStdioFile file; CFileException obFileExp; CString csFilePath(_T("C:\ProgramData\Desktop\sample.txt"));

if (!file.Open( csFilePath , CFile::modeCreate | CFile::modeWrite ,&obFileExp ) )
{
 // opening of file failed  
 TCHAR szErr[nSize];
 obFileExp.GetErrorMessage(szErr,nSize);
 AfxMessageBox(szErr);
 return ;
}  

file.WriteString( "welcome" );

file.Close( );

---

NOTE: UAC should ON and VC++ 6.0 should NOT run as administrator

Answer 1

If you are not allowed to write something at somewhere, you are JUST NOT ALLOWED. If you can do it someway, it will be hacking.

Having said that, last thing I knew was that applications are allowed to write in programdata in vista. Thats what it is supposed to do. Store program's data. But I am not sure about Desktop folder in it. There is no such standard folder in vista as far as I know.

Please can you elaborate what exactly you are trying to save in that folder?

Answer 2

As per my knowledge, if UAC is on & you need to write into C:\Program Files" which is a restricted folder You need to have admin privileges.

There is no workaround to it. At the most UAC may virtualize your application thus making your application think its writing to C:\Program Files but in reality it will be writing into the Virtual Folder present in %UserProfile%.

Instead of making the user always do right click-> Run As, you can embed a manifest (using external manifest tool) with privilege set to "RequireAdministrator". So whenever your app is executed a prompt will as user if to allow your app to be elevated or no.

If you have to write to programdata you do not need Admin privileges.

Answer 3

Have a look at The Manifest File Mechanism.

You can embed a manifest in your exe OR you can have a separate manifest file through which you can control permissions.

Answer 4

C:\ProgramData\Desktop is an alias to C:\Users\Public\Desktop - which is the desktop shared by all users, and which is intended to be configured by system administrators.

With UAC enabled there is no way for a Guest, member of the Users group, or non elevated members of the Administrators group to create either files OR folders on the shared desktop without perverting the entire security model of Windows.

It would be, for example, possible to use an administrator account - during a UAC elevation during app setup - to add a Access Control List entry granting mebers of the users group some kind of create/write control to subfolders or files in the Public\Desktop.

So, unless your 'sample program' is trying to demonstrate a method to write files in a shared location from an unelevated account you would be far better off creating your file in the users own desktop - c:\Users\YourUserAccount\Desktop - The path to which you retrieve is using the appropriate (SHGetSpecialFolderLocation) API of course!