Re: locked down environment

CChong · ‎Aug 26, 2004

Can someone help me please? I have an application that is creating a temporary file in the root of C when it is launched. Of course as an Admin it has no problem but as a user in a locked down environment it does not work. I tried to go around by creating the file and installing it in the root of C but when launched the application will check for it, delete it and then try to create its own version. This happens despite the fact that I granted it full permision. How can I solve this problem without giving the C:\ full permission because it is not allowed? (Note that the temporary file is deleted after you quit the application)

I have another one that filemon shows the file is being created in ProgramFilesFolder when logged in as Admin but in some folder in the root of C:\ when logged in as a user in a locked down environment. How can I solve this one. I have granted permission to the folder in ProgramFilesFolder where it is being installed to but it is still not happy with that. Please help.

TsungH · ‎Aug 26, 2004

If the application creates and deletes the temporary file in root of C drive, the application is not compatible with locked down environment. Unfortunately, there are applications which will not function (well) in lockdown environment. Perhaps, it isn't what you want to hear.

CChong · ‎Aug 28, 2004

- First thing to check when packaging applications. Is it possible to move the file location. By the use of the apps. registry settings (check regmon, look if the app reads possible file locations). Also check ini files for file locations.
- U can't influence the location? Then u could give some special rights to the users group account on the file system. Check the advanced options of security. Remember u can set rights for "This folder, subfolder and files" , but you could also grant rights only for files etc. This is very handy in this sort of situations. If this is a solution for u, use the open source tool SetACL (also has a gui --> EasyACL) to implement your solution.

Granting priviliges is very normal in packaging for locked down environments. Otherwise my job would get a lot harder.... probably impossible.

Hope this helps u out a bit. If not maybe I know the app. Let me know.

Greetz

CChong · ‎Aug 28, 2004

Thanks so much guys. My boss said we should reject the application. As for the second application, I found out that the error message was false. The error message keep saying some wiered file was missing or not in the proper location. However, filemon shows that file does not exist.

How I fixed it was to create the foler it was looking for and populate it with the files. However, I am not satisfied with this solution because when logged in as admin it searches a different path for the missing file. When logged in as a user with limited rights it searches for the same file in a different location. Why?

Christopher_Pai · ‎Aug 29, 2004

Are you allowed to use a Hex editor to influence the programs behavior? Wouldn't be the first time I've had to do that. 🙂

Inabus · ‎Sep 07, 2004

Snapshot would work in that situation if ya ask me.

If the install does use temp files then just snapshot the complete installation on a test machine and then you wont have any temp file problems as the installation will be done!

Regards,
Paul