Re: Problems with AppData on Vista.

Thanks.

Its actually the ACL stuff im most unsure about. As my companies product
traditionally has had to run on Windows 9X where the security APIs simply
didnt exist, and passing NULL was appropriate I've never, until now,
bothered.

It also looks like easy stuff to get wrong. I mean, its failry glib to say
"You can give those directories whatever ACLs you deem appropriate for the
type of sharing you want to do."

I mean, when I look at the results of using NULL on functions like
CreateDirectory - specifically in the Common_AppData folder, a list of allow
rules get added for things including SYSTEM, Administrators,The
Owner/creator as well as Users.

Its important to me to follow best practices when doing stuff like this, esp
when I dont quite understand what I am doing. I *know* that I need to supply
an ACL allowing users full control over the folder, subfolders and files.
Well, I think I do. If I supply such an ACL when creating my cache folder,
am I then absolved from providing security info for each file created?

Is the default ACL extremely redundant? What do I potentially effect by
creating a simple ACL that has just a single entry granting full control to
the built in users group? i.e. omitting the traditional SYSTEM etc entries?
How hard do I need to work to ensure that guest users can access my software
but not effect actual users etc. Windows 2000 logo guidelines are a good
start but they dont really delve deep into the intracacies of implementing
"correct" ACL's (i.e. supporting Administrator/Standard User/Guest
scenarioes in an expected way).

Thanks.


.

Relevant Pages

  • Re: Minimum NTFS Permissions on the SystemDrive
    ... File system and registry access control list modifications ... Microsoft Windows XP and Microsoft Windows Server 2003 have considerably ... You can no longer use the Anonymous security ... Additional ACL changes may invalidate all or most of the application ...
    (microsoft.public.windows.server.security)
  • Re: Permissions on System Volume Information
    ... Logged in as a local administrator I am able to edit the ACL. ... Administrators show as the owner of the folder. ... Under Windows 2003, I'm seeing SYSTEM listed with Full Control. ...
    (microsoft.public.win2000.security)
  • Re: Word (program) question
    ... .acl files are named the same (and that you transfer the correct .acl ... dictionary file over from a folder of one name on the previous computer to ... Professional computer but not on my Windows XP professional computer, ...
    (sci.med.transcription)
  • Re: Newbie security programming questions
    ... > I am trying to get to the GUI described in this page to change the ACL ... > Is GUI ACL viewer not available with all versions of Windows? ... How to disable simplified sharing and set permissions on a shared folder ...
    (microsoft.public.platformsdk.security)
  • Re: Pricing ACL / 2 royalties?
    ... > YOu could price your Allegro Lisp application as, ... If my company sells product X, built with ACL then a customer Z who buy ... X would have to pay: ... > $500 for Windows XX + Adobe ...
    (comp.lang.lisp)
Quantcast