Restricted user -> Common writable folder for all users (NT -> XP)?
From: Homer J. Simpson (abuse@hotmail.com)
Date: 07/17/02
- Next message: Stressed Out: "Visual Studio.Net"
- Previous message: Jon Teague: "All traffic goes via VPN?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Homer J. Simpson" <abuse@hotmail.com> Date: Wed, 17 Jul 2002 11:11:10 -0400
Hi all,
I need to write some info in a file (or the registry, it really doesn't
matter) that is common to all users of a PC. This needs to be able to run
on the oldest available version of NT4 and everything above (that is,
without any service pack or updated browser), as well as for users with
minimal rights. I'm not concerned about the Win9x line as all users always
have rights to write anywhere.
SHGetSpecialFolderLocation( ..., CSIDL_COMMON_APPDATA, ... ), which would
typically resolve to something like "C:\Documents and Settings\All
Users\Application Data", leads me to believe there should be at least one
folder somewhere on a system that every user has access to and has rights to
write into. As long as one user has access to the folder and can create a
file, any other user who subsequently reruns the program on that system just
needs to read from that file (that is, subsequent runs don't need to write
to the file). In essence, I'm trying to flag whether the app has been run
on the system before and assign a GUID to the system. As much as possible I
don't want to allow the user to delete the file as this would create a new
GUID. There isn't much I can do in the case of an OS reinstall or a hard
drive replacement, but I can live with that.
Couple of things...
a) As a restricted user, I can't write to ...All Users\Application Data, or
create a subdirectory. That rules it out.
b) CSIDL_COMMON_APPDATA is only recognized on systems that have had some
component updated (I didn't track down what exactly, it doesn't matter as I
cannot force users to do any sort of update/upgrade).
c) There doesn't appear to be an equivalent to "Documents and Settings\All
Users" on NT4 to begin with.
d) I've had instances of Win2K return that folder for CSIDL_COMMON_APPDATA,
but that directory didn't even exist (!) and restricted users can't create
it on the fly.
Restricted users have 'write' rights to %windir% on NT4, but not subsequent
OSes. Rule out %windir%.
"C:\Documents and Settings\All Users\Documents" allow 'write' for restricted
users. But again, there's no equivalent on NT4. Besides, I don't want to
write to any "Documents" or "My Documents" or a common/shared "My Documents"
folder, as any file in there is too easy for users to spot and delete.
Users OTOH have a tendancy to leave files in the "Application Data" folder
alone. Not a bulletproof solution, but statistically preferable.
As for using any of the TEMP folders, they're also too easy for users to
delete everything in there. Besides, starting with Win2K, the TEMP folder
isn't common to all users anymore (every user has his own), so every user
who logs in would end up with his own file, which I want to avoid. Again,
this file has to be global among all users of the PC.
C:\ appears to be writable even for restricted users, but again, it's too
easy to spot and delete.
I've looked at the Common* entries under Shell Folders in the registry--I'm
running into the same type of problem; in most cases a restricted user
doesn't have write access to those folders or the parent.
The registry seems to be just as restrictive as far as writing to a common
location goes for limited access users.
So...I know I've ruled out a few potential locations, but can anyone think
of something else I could try??
Any suggestion welcome...
- Next message: Stressed Out: "Visual Studio.Net"
- Previous message: Jon Teague: "All traffic goes via VPN?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
