My company produces a cross-platform server application which loads its configuration from user-editable configuration files. On Windows, config file ACLs are locked down by our Setup program to allow reading by all users but restrict editing to Administrators and Local System only.

Unfortunately, on Windows Server 2008, even local administrators no longer have admin privileges (because of UAC) unless they're running an elevated app. This has caused complaints from users who cannot use their favorite text editor to open and save config file changes -- they can open the files (since anyone can read) but can't save.

Anyone have recommendations for what we can do (if anything) in our app's Setup to make editing easier for admins on Windows Server 2008?

Related questions: if a Windows Server 2008 admin wants to edit an admins-only config file, how does he normally do it? Is he forced to use a text editor which is smart enough to auto-elevate when elevation is needed, like Windows Explorer does in response to access denied errors? Does he launch the editor from an elevated command-prompt window? Something else?

A: 

For the second question: for a quick solution I add Notepad to the Windows shortcut bar, right click, run as administrator, open the file, make the changes and save it.

Eleasar
You could even flag the shortcut that it should "Run as Administrator" (Properties, Shortcut tab, Advanced...).
Thomas
These are good workarounds we can document. I was hoping for some solution we could include in our setup program to make it easier.
Justin Grant
Don't think of them as workarounds. Think of them as @Jason said, your admins are doing some admin work, changing settings that affect everyone, and for them to pause a moment and acknowledge they are doing so is just how things work.
Kate Gregory
A: 

We moved all of our app settings to the database. See my blog post here. You can easily see how you can create a web page to edit that and have all of the permissions live in the web application.

JBrooks
Yep, for changes through our web app we already have this solved, since our web admin GUI runs as LocalSystem so has write access to the files. The problem is when admins need to use a text editor to edit the files, either because they prefer editing files or because they want to edit settings not exposed in the GUI.
Justin Grant
You are saying you have a problem with the mechanics of having the admins edit variables in the config file... I am saying that this goes away when you move all of those variables to the database.
JBrooks
+3  A: 

This isn't complicated for admins worth their salt. Open the text editor elevated, open file, save, done. Most people who edit configuration files are used to the ritual now. Unix people do this reflexively (with sudo); it's only difficult on Windows because it's still slightly unfamiliar territory for some users.

Realistically, they'd have the same problem if it were an HKLM registry setting, except they'd have to elevate regedit or PowerShell or whatever they normally use to edit registry settings.

If they can't figure it out, they could choose to disable UAC entirely, or turn it down a notch or two, but I suspect if they can't figure out how to open an editor elevated this will create more problems than it will solve.

You should have to think before making big changes to system-wide config files. The UAC elevation is just enough thinking that it should give you pause if you didn't mean to make a system-wide change.

If it weren't a service, you could use %USERPROFILE% to store configuration settings, but generally, services run under a different user credential than the sysadmin's normal account.

Dotnet applications could choose to store information to the folder returned by Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData); people may need elevation to write to that folder outside your service, but if they don't like your admin UI and they do like their text editor, it's the same as the original problem: they just need to learn how to use UAC.

JasonTrue
+2  A: 

In my opinion an administrator that doesn't manage to right-click notepad and select "run as administrator" shouldn't be an administrator, but well... in real life there are such administrators around.

UAC works by disabling the administrator group SID from the user's security token, until you run a program with elevated privileges. When running in non-elevated mode there is unfortunately no way to utilize the administrative rights.

One workaround, which unfortunately requires a non-trivial amount of work, could be to:

  • Create a custom file name suffix for your config file.
  • Create a small application which is registered as the handler for that config file.
  • Mark the small application as requiring elevated privileges (you can do this as you are creating a new application).

The only thing that the small application should do is to locate the registered handler for .txt files in the registry and then use it to open the file - with elevated privileges.

Anders Abel
@Anders Abel - nice solution! Yep, it's a lot of work but seems like the best alternative. Congrats, you earned the bounty!
Justin Grant
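
The launcher described in Anders Abel's answer, written in C# as an added example that is not part of the original answer or the asker's product. Registering the custom suffix with this program is done by the installer and is not shown; the `MyApp` directory under CommonApplicationData, and the check that confines the launcher to it, are assumptions added so the elevated helper only opens the application's own config files.

```csharp
// Added example: elevated launcher registered as the handler for a custom config suffix.
// Build with an app.manifest that contains
//   <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
// so the UAC prompt appears before Main runs.
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;

static class ElevatedConfigEditor
{
    const int ASSOCF_NONE = 0;
    const int ASSOCSTR_EXECUTABLE = 2;   // ask for the handler's executable path

    [DllImport("Shlwapi.dll", CharSet = CharSet.Unicode)]
    static extern int AssocQueryString(int flags, int str, string pszAssoc,
        string pszExtra, StringBuilder pszOut, ref uint pcchOut);

    // Returns the executable registered to open ".txt", or Notepad if none resolves.
    static string ResolveTextEditor()
    {
        uint len = 1024;
        var buf = new StringBuilder((int)len);
        int hr = AssocQueryString(ASSOCF_NONE, ASSOCSTR_EXECUTABLE, ".txt", "open", buf, ref len);
        if (hr == 0 && File.Exists(buf.ToString())) return buf.ToString();
        return Path.Combine(Environment.SystemDirectory, "notepad.exe");
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) return 1;

        // Assumption: config files live under %ProgramData%\MyApp (hypothetical name).
        string configDir = Path.GetFullPath(Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            "MyApp")) + Path.DirectorySeparatorChar;

        // Canonicalize first so "..\" segments cannot escape the config directory.
        string file = Path.GetFullPath(args[0]);
        if (!file.StartsWith(configDir, StringComparison.OrdinalIgnoreCase) || !File.Exists(file))
            return 2;

        // UseShellExecute = false goes through CreateProcess, so the editor
        // inherits this process's elevated token and can save the file.
        var psi = new ProcessStartInfo(ResolveTextEditor(), "\"" + file + "\"") { UseShellExecute = false };
        Process.Start(psi);
        return 0;
    }
}
```

The editor started this way runs with the full administrator token for as long as it stays open, so any other file opened or saved from that window is also written with elevated rights.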
