
Least Privilege User Accounts

Author
20 Mar 2006 9:04 PM
doug
I need to modify my application so that my users don't have to always log in
as an Administrator on the machine. Currently we store data for the
application where the application was installed on the machine (c:\program
files\[product name]\xxx). This works fine except that in order to run the
program the user needs admin rights.



I have come across many articles about using the approach of "the least
privilege user account" login and they have indicated that if you follow
Microsoft's suggestions in where you store your application data, your app
will work fine when a non-privileged user logs in and uses your application.
That sounds great! But. I can't seem to find where Microsoft suggests where
to place the data!



My question is: Where should an application place both system wide and user
specific data so that it will run when a non-admin user is logged into the
machine? A reference to the source article would be nice too.



Thanks in advance for any assistance.



Doug

Author
20 Mar 2006 9:57 PM
oldbear
Hi

Program files is only for static, read-only data files.

You should use the various directories under C:\Documents and Settings. All
Users is for application data, and username/.... is for user data.

Look at:

http://www.microsoft.com/winlogo

for more details.

Hope this helps

Chris Seary

Author
20 Mar 2006 10:26 PM
Joe Kaplan (MVP - ADSI)
Also note the System.Environment.GetFolderPath method.  They've made finding
these folders extremely easy in .NET.

Joe K.

Author
21 Mar 2006 4:16 AM
Dominick Baier [DevelopMentor]
they even *create* those folders on the first use...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
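
An added example, not code from any poster in this thread: one way to apply the advice above, resolving the per-user and "All Users" data folders with System.Environment.GetFolderPath and checking which locations a non-admin login can actually write to. The company and product names and the AppDataPaths helper are hypothetical, and it is assumed that the installer creates the machine-wide folder while elevated.

```csharp
using System;
using System.IO;

static class AppDataPaths
{
    // Hypothetical names for illustration; substitute your own.
    const string Company = "ExampleCompany";
    const string Product = "ExampleProduct";

    // Resolve <special folder>\Company\Product, optionally creating it.
    static string Resolve(Environment.SpecialFolder root, bool create)
    {
        string basePath = Environment.GetFolderPath(root);
        if (string.IsNullOrEmpty(basePath))   // empty string means the folder could not be resolved
            throw new InvalidOperationException("Cannot resolve " + root);
        string path = Path.Combine(basePath, Company, Product);
        if (create) Directory.CreateDirectory(path);   // no-op if it already exists
        return path;
    }

    // Per-user settings that follow a roaming profile.
    public static string UserRoaming() { return Resolve(Environment.SpecialFolder.ApplicationData, true); }
    // Per-user data that stays on this machine (caches, large files).
    public static string UserLocal() { return Resolve(Environment.SpecialFolder.LocalApplicationData, true); }
    // Machine-wide data ("All Users"). Assumption: the installer creates this folder
    // and sets its ACL while elevated, so the application only reads it at run time.
    public static string MachineWide() { return Resolve(Environment.SpecialFolder.CommonApplicationData, false); }

    // Probe used to confirm, under a non-admin login, which locations are writable.
    static bool CanWrite(string dir)
    {
        try
        {
            string probe = Path.Combine(dir, Path.GetRandomFileName());
            File.WriteAllText(probe, "probe");
            File.Delete(probe);
            return true;
        }
        catch (UnauthorizedAccessException) { return false; }
        catch (IOException) { return false; }   // includes DirectoryNotFoundException
    }

    static void Main()
    {
        string installDir = AppDomain.CurrentDomain.BaseDirectory;   // e.g. under Program Files
        foreach (string dir in new[] { UserRoaming(), UserLocal(), MachineWide(), installDir })
            Console.WriteLine("{0,-5} {1}", CanWrite(dir), dir);
    }
}
```

Run it from a standard user account after installing under Program Files: the install directory is expected to report False, which is the failure described in the original question, while the two per-user folders report True.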
