Re: Windows Security vs. Application Security

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 01/20/05


Date: Thu, 20 Jan 2005 05:31:58 -0800

are you calling LoadUserProfile after impersonating the user?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/loaduserprofile.asp

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Top Whitepapers:
Auto-enrollment whitepaper: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
Best Practices for implementing Windows Server 2003 PKI: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
Troubleshooting Certificate Status and Revocation whitepaper: 
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
Windows Server 2003 web enrollment and troubleshooting guide: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
Windows Server 2003 web enrollment and troubleshooting guide: 
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
"Rami Jaschek" <RamiJaschek@discussions.microsoft.com> wrote in message 
news:4F5396A5-4D13-4BF9-9E52-8912079D8D59@microsoft.com...
> We are developing a client sever application that generates files on a 
> common
> server. We wish for the application to be able to generate(/delete) files 
> in
> directories where the users have no permission to generate(/delete) files.
>
> The problem is that the security context of the application is the same as
> the logged in user running the application.
>
> Two solutions we tried and ran into problems with:
> A. Impersonation - we can switch to a different user context inside the
> application - but this has many side effects (such as suddenly not seeing 
> the
> default printer for that user).
> B. Sepcific agents - as the file access is needed in many places in the
> software and we write a lot - that creates both inconvenience for the
> developers and a bottleneck.
>
> Suggestions? 


Relevant Pages

  • Re: What to do with certificates when profile is deleted/recreated?
    ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... Windows Server 2003 web enrollment and troubleshooting guide: ... roaming user profiles ...
    (microsoft.public.windows.server.security)
  • Re: Auto-Enrollment of Certificates
    ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... Windows Server 2003 web enrollment and troubleshooting guide: ...
    (microsoft.public.platformsdk.security)
  • Re: Can we add a new Cryptographic Service Provider to the registr
    ... David B. Cross ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... Windows Server 2003 web enrollment and troubleshooting guide: ...
    (microsoft.public.platformsdk.security)
  • Re: Isolation of the Root CA
    ... Windows Server 2003 web enrollment and troubleshooting guide: ... Best Practices for implementing Windows Server 2003 PKI: ... Troubleshooting Certificate Status and Revocation whitepaper: ... >>> standalone root CA and use it to issue a certificate for an Enterprise ...
    (microsoft.public.win2000.security)
  • Re: Impersonation, ASP.NET and IS via OLEDB
    ... I'm 99% sure this is fixed in Windows Server 2003 SP1. ... > a bug *and* that Windows Server 2003 wasn't affected. ... > I perform a search whilst impersonating the end-user and having previously ... > LocalSystem, the error went away. ...
    (microsoft.public.inetserver.indexserver)