I am designing an command line application for Windows 10 that require to replace some files in c:\programdata folder. But when I use File.Copy or File.Move, it throws an exception as:
Access to the path 'C:\ProgramData\***' is denied.
I have added app.manifest with requireAdministrator but it doesn't work. Am I missing something?
Make sure you have permissions on that folder. e.g. Right Click on folder > Properties > go to Security tab, and check if you have permissions. Also try your application by right click and 'Run as Administrator'.
Try to check the user identity the actually runs the process/execute file.
This user should by "System" to have permissions to Move/Copy files on the Disk.
In debug mode you can always check the Task Manager => Processes and see the User Name for your process.
Related
I am trying to create an updater which will replace the files in the folder without needing an installer. As part of this process, I need to be able to delete old files and replace them by new files. I tried it and got an UnAuthorizedException. I am runing the updater as administrator. I tried the following
a. Setting the file and folder attribute to Normal
[Access to the path is denied when trying to delete a certain directory
b. Taking ownership of the folder and files contained in it
[Taking ownership of a file or folder
c. Changing the permissions and giving all users full control over the folder and files [Using a custom action in the installer]
[How to give Read/Write permissions to a Folder during installation using .NET
d. Running the updater from a windows service
There is no difference in the results. I keep getting the access denied error. What do I do so that the updater can delete the files?
It's not clear exactly what you mean by "running as administrator", but being logged in as administrator and running a program does not mean that the program is running with elevated privilege, which is what it really needs. But clearly the updater program is not running elevated.
So the issue might be that this updater program of yours needs an elevation manifest so that when you run it, it will ask for elevation with a UAC prompt.
Having said that, simply replacing files that were installed with a Windows installer MSI is not supported. The files must be replaced with a Windows Installer update such as a patch .msp file or an upgraded MSI file. Windows Installer keeps track of every file installed, and it's version and whether it's been updated or not, as well as a filehash. Replacing a file without using Windows Installer can result in unexpected demands for the original MSI file in order that Windows can restore the files to their original installed state. You might find that going to Programs&Features (or right-clicking the MSI file) and choosing repair will also restore them.
I have an ASP.NET application that has a button. When you click the button it has one line where is creates a sub-directory in a directory I have Read, Write, Modify through an AD group on another server (NOT the web server).
When I click the button I get an Access Denied error to the sub-directory.
Impersonate is set to true in the web.config.
Authentication is Windows.
WindowsIdentity is set to me.
The application is running under my account because of the above two things.
I can click the button and have it open the folder in Windows Explorer. So I have access to the parent.
If I create a subfolder in the folder. I can click the button and have it open the subfolder in Windows Explorer
I can do all this using C# code.
Only when I try to create a subfolder using C# does it tell me Access Denied. But I have Read, Write and Modify permissions.
Do not understand why this does not work.
You should try granting permission to the sysname\iis_wpg group.
Which version of IIS are you running?
Check the identity which is running the website in the application pool section. Verify that identity has the proper permissions on that directory. That is the identity which is being used to do the OS work.
Note that you might need to grant the identity in 7/7.5 via the command line on the directory such as
icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)
see Icalcs documentation.
I run the code from http://msdn.microsoft.com/en-us/library/ms171645%28v=vs.80%29.aspx#Y798
I have the error : "Access to the path 'C:\Documents and Settings' is denied."
I try change app.manifest and use try catch but nothing works.
I run it from administrator account. From Windows 7
It's because you are running under an account that does not allow access to that folder, try changing the path to one that you do have permission to access and trying again or change to an account that does have permission.
Edit: Ok I see you're running Windows 7, which doesn't have a 'C:\Documents and Settings' folder by default, it's changed to 'C:\Users'. If you say you've tried 'C:\' too and it doesn't work, are you sure you're running Visual Studio as an Administrator as by default I don't think it does? (To do this right click on a Visual Studio shortcut and click 'Run as Administrator'
Probably you're not the computer's administrator. Only an Admin has permission across the whole computer.
You also need to use try-catch every time you try to access the DirecrotyInfo for things like this.
i want to give a file(already present on the client computer .exe) permissions to always execute with administrative permissions.
please note that the file i wants to give permissions is already on target machine. and i want to change permissions of that file through another program written in c# and it has administrative permissions to do everything.
kindly let me know how to do it
i am using this code
System.Security.AccessControl.FileSecurity fs = File.GetAccessControl(#"c:\inam.exe");
FileSystemAccessRule fsar = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);
fs.AddAccessRule(fsar);
File.SetAccessControl(#"c:\inam.exe", fs);
this code will change the permissions correctly but still when i execute inam.exe after executing this code the UAC not appeared and also the inam.exe cant perform administrative operations.
actually i have already deployed an application on more than 10,000 clients so wants to release a patch to resolve the administrative rights issue.
Execute with administrative privileges is not a file permission.
This is usually configured by adding a manifest file (either to the Win32 resources in the EXE, or as an external manifest). This manifest file can state whether the application needs to run elevated or not.
I'm not entirely sure where Windows stashes the "Run this program as an administrator" compatibility setting.
Using a manifest file is the best approach, but an alternative one would be to programmatically set the "Run this program as an administrator" flag (the option you find in the Compatibility tab of an EXE's properties), by setting a simple registry key. You need to create a string value (REG_SZ) under the one of these keys (if you want the setting to be per user or per machine, respectively):
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
The name of the value needs to be the full path to your executable (if the path contains spaces, do not surround the path with quotes), and the data of the value must contain the string RUNASADMIN.
Build a manifest file (see http://www.gregcons.com/KateBlog/AddingAManifestToAVistaApplication.aspx among other places) and name it Whatever.exe.manifest and put it in the same folder as the exe. The nanifest should set the requestedExecutionLevel to requireAdministrator. All set.
If you own the other exe, you can embed the manifest when you build it. This is almost trivial in Visual Studio 2008 and up. See the Application tab and drop down the Manifests drop down. There are instructions nearby. Also when you use VS 2008 to add a manifest to your project you don't have to type all the XML, you just copy the appropriate requested execution level from the comments that are generated for you.
I have an app that writes messages to the event log. The source I'm passing in to EventLog.WriteEntry does not exist, so the Framework tries to create the source by adding it to the registry. It works fine if the user is an Admin by I get the following whe the user is not an admin:
"System.Security.SecurityException : Requested registry access is not allowed." message.
How can I fix that?
Update
I have create the registry with the Admin account manually in the registry. Now, I have the error : System.Security.SecurityException: Requested registry access is not allowed.
I do not understand because I have create a user in the Group Administrator... what do I have to do more?
For your update I have found something that might help you :
Run regedt32
Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
Right click on this entry and select Permissions
Add the ASPNET user
Give it Read permission
2. Change settings in machine.config file
Run Explorer
Navigate to WINDOWS or WINNT folder
Open Microsoft.NET folder
Open Framework folder
Open v1.1.4322 folder (folder name may be different, depending on what dotnet version is installed)
Open CONFIG folder
Open machine.config file using notepad (make a backup of this file first)
Locate processmodel tag (approx. at line 441)
Locate userName="machine" (approx. at line 452)
Change it to userName="SYSTEM"
Save and close the file
Close Explorer
3. Restart IIS
Run IISReset
The source is here
The "non-programming way" is to grant the user that user your web application/web service with access to registry (Event Log are written in the event log).
Nothing of these worked out for me. What did the trick was alter the Application Pool Identity from "ApplicationPoolIdentity" to "LocalSystem". Then put LocalSystem Windows account into the Administrators group.