I’m having some problems understanding some particular file permissions behaviour. Here are the steps to reproduce:

  1. Log into the server using the default Administrator account

  2. Create a text file (testfile.txt) in C:\ProgramData containing some arbitrary text

  3. Create a new user account and make it a member of the Administrators group

  4. Log in using the new account and open C:\ProgramData\testfile.txt

  5. Edit the text and try to save

Upon clicking save I’m presented with the Save As dialog, which indicates that I do not have the necessary permissions to edit the file. This seems odd considering that the new user account is a member of Administrators.

When I view the permissions of the file I can see that there are three groups listed: SYSTEM, Administrators and Users. SYSTEM and Administrators have full permissions; however, Users only has the Read & Execute and Read permissions checked.

It would appear that when I open testfile.txt from the new user's account, it opens in the context of the Users group, despite the account being a member of Administrators. Is this correct? It would certainly explain the behaviour.

The reason that this is an issue for me is this: if I deploy an application via 'Run as Administrator', will normal users be able to edit the text files I install to ProgramData?

Is this behaviour confined to Windows Server, or is it the same in Vista and Win7?

A: 

I just tested on Windows 7 and can write to files under ProgramData without issue. You can test whether you're having a UAC issue by launching an elevated notepad (right click in the start menu and Run As Administrator.) If the elevated notepad can write the file, then the application you plan to have Run As Administrator will also be able to. If elevated notepad can't write it, then elevating your app won't help.

Kate Gregory
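
A scripted version of the elevated-versus-non-elevated test described in the answer above, as an added example that is not part of the original answer: run it once from a normal PowerShell window and once from one started with Run as Administrator, then compare the output. It assumes PowerShell 3.0 or later and the file path from the question, and its write check is an approximation that looks at Allow entries only.

```powershell
# Added example. $Path is the file from the question; change it as needed.
$Path = 'C:\ProgramData\testfile.txt'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminSid  = New-Object Security.Principal.SecurityIdentifier(
    [Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

# True only when the Administrators SID is enabled in this process token,
# i.e. the process was started elevated (or UAC is turned off).
$elevated = $principal.IsInRole($adminSid)

# SIDs that can match an Allow entry for this process: the user plus its groups
# as reported by WindowsIdentity.Groups.
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

$writeData = [int][Security.AccessControl.FileSystemRights]::WriteData
$acl   = Get-Acl -LiteralPath $Path
$rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])

$report = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference
    try   { $name = $sid.Translate([Security.Principal.NTAccount]).Value }
    catch { $name = $sid.Value }   # unresolvable SID: show it raw
    [pscustomobject]@{
        Identity    = $name
        Type        = $rule.AccessControlType
        Rights      = $rule.FileSystemRights
        Inherited   = $rule.IsInherited
        AppliesToMe = $tokenSids -contains $sid.Value
        GrantsWrite = ($rule.AccessControlType -eq 'Allow') -and
                      (([int]$rule.FileSystemRights -band $writeData) -ne 0)
    }
}

"Process elevated : $elevated"
"File owner       : $($acl.Owner)"
$report | Format-Table -AutoSize

# Approximation: considers Allow entries only and ignores Deny entries.
$canWrite = [bool]($report | Where-Object { $_.AppliesToMe -and $_.GrantsWrite })
"Write access from this process (Allow entries only): $canWrite"
```
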
A: 

Hi, I've tested it on Windows 2008 R2. This is how it is supposed to be. It's called UAC. You've created a normal user and want to edit (even with the local administrator group) a file whose owner is Administrator. You cannot do this, but you can grant administrator privileges and edit that file.

More details: http://en.wikipedia.org/wiki/User_Account_Control

ochach