Re: notepad will not save .config file in iis7

Yup, the confusions are normal.

While drag-drop between windows is natural, automatically drag/drop
across security-elevation boundaries is not naturally secure and
disallowed. Why should an non-elevated user be able to drag
non-trusted content into an elevated/trusted app window? What happens
if that content is then saved/executed in an elevated context? It is
the exact elevation of privilege attack that the explicit Elevation
step is supposed to prevent.

I know that it looks visually confusing because the window is open but
you cannot drag/drop into it. However, I think the separation is
necessary. Why?

Well, suppose you are in an airport and all the food-service is outside
the security checkpoint while all flight gates are inside the security
checkpoint. Does it make sense to grab a sandwich, go through security,
then realize you forgot your drink so you go back out to get a drink,
go through security again, find that you forgot the newspaper, etc...
you lose the freedom of being able to be forgetful and are forced to be
more organized because straddling the security checkpoint is painful.

Yes, the change may be annoying and some may be more annoyed than
others, but in some senses, this is the cost of security.

Virus and malware have long abused people's tendency to run as
Administrator because it removes all security boundaries. Because
computers cannot distinguish between good and bad users, you cannot
stop malware without inconveniencing good users. Incidentally, the same
analog applies in real-life with terrorists...



//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


Carl wrote:
Wade, Thanks that seems to be the solution. It's going to take some time to
get used to Administrator but not Built-In Administrator -- logging into the
Administrator account and having to open an app "As Administrator."

Furthermore, when I run Notepad "elevated" I cannot drag and drop a file
into the open application. I can only open files via the File->Open
interface. I can't open a file "elevated" I can only open the app "elevated"
and then I can't drag the file onto the app window. This seems rather
Windows 3.1-ish as far as user interface interaction is concerned.

Sincerely,

Carl


"Wade A. Hilmo [MS]" wrote:

Hi Carl,

IIS does not do anything to prevent you from editing the file in place, but
the operating system might. What's probably happening is that the file
requires administrator group membership for writing. If that is the case,
and you are running as an administrator but not the built-in administrator,
then you will need to run notepad elevated.

I hope that this helps,
-Wade A. Hilmo,
-Microsoft

"Carl" <Carl@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8FA83FF0-29D7-42F5-8EC2-9576222FCBE4@xxxxxxxxxxxxxxxx
Hello, I have a web app that has its own configuration file named
vinetype.config. Under certain circumstances, this vinetype.config file
may
sit in the same directory as the web.config file (in default IIS setup in
the
wwwroot directory.)

On my local Vista RTM iis7 box, I am able to place the vinetype.config
file
in this location and it is able to be read by the web app.

When I try to edit the file with notepad, Notepad issues an error "Cannot
create the c:\inetpub\wwwroot\vinetype.config file Make sure the path and
file name are correct."

The workaround is to edit a copy of the file on my desktop and then
copy-replace the file in the inetpub folder.

So my questions are
1. Should I be able to edit-in-place my applcation's config file on my
local
box?
2. If so, how do I do that?
3. If not, why not?

Sincerely,

Carl





.

Relevant Pages

  • Re: RECOVER CORRUPT MY DOCUMENTS FILES
    ... Then go down to and left click on sharing and security ... You will want to make sure that your administrator name is in the top ... administrator in the lower window below. ... You will want to make sure that your username is in the top window. ...
    (microsoft.public.windowsxp.general)
  • Re: How to login to window automatically everytime window start
    ... An important Windows policy setting is not set for optimum security. ... I can login and go to Start -> Run and doing all ... can pick login as Owner or Administrator. ... I don't know how this change happen: window should logon automatically ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: How to login to window automatically everytime window start
    ... An important Windows policy setting is not set for optimum security. ... I can login and go to Start -> Run and doing all ... can pick login as Owner or Administrator. ... I don't know how this change happen: window should logon automatically ...
    (microsoft.public.windowsxp.perform_maintain)
  • [NT] User Downgraded from Administrator to User Retains the Ability to List Other Users Running Task
    ... Beyond Security would like to welcome Tiscali World Online ... Windows XP presents a new option called "Fast User Switching" (FUS). ... Eitan has found that if a user is downgraded from an administrator role to ... as shown in task manager)) via tempting the local ...
    (Securiteam)
  • [NT] IE Chromeless Window Vulnerabilities (More Examples)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Beyond Security in Canada ... A window without a frame, title bar, toolbars or scroll bars is known as a ... 'chromeless' window. ...
    (Securiteam)