I have written a code that almost works.
the only part that doesn't work is when it needs to copy from the Z: drive to the C:\Program Files\software
That step requires to run the batch as an admin, however i would like to run it withouth admin rights.
I want to make it executable for every user in the domain, withouth having to give them admin rights.
Is this possible to do (also withouth having to copy the map for every single computer)
TL;DR
To copy a file to the C: drive the user would need to be an admin or run it as admin. However i don't want to make everyone admin so they can execute it.
Is there a way to evade this? Or some code i can put it to make non-admin users be able to copy to that folder.
Thanks in advance.
Why don't you simply change the security options for the target folder? Just give any user a write permission for it.
It makes no sense - if a user can't write to a location it's because of the security policy. If there was a way to allow a user to write to a location even if he isn't allowed to you would simply evade the windows security policy - which is not possible or at least not intended.
TL;DR: Ither grant the users the permission to write to the desired location by changing the security settings for the target dir OR by elevating the users' rights.
Related
I'm a newbie to Snowflake. I'm assigned task to make python script that gets data from Snowflake View and copies it to SFTP server. I have barely any permissions on that account (can only view the shared Views).
Now my 2 questions:
Can admin grant me permission to creating internal stages without granting me any more permissions? (I want to ask the admin to give me that permission, but he won't be willing to share anything more with me.)
Can I use COPY INTO command on Views? All examples I read on the internet were about Tables and not Views and I'd like to be sure I can copy Views before asking for any permissions.
I apologize if those questions sound silly, but I have no way of testing those myself as I have no permissions on that account and I need to be sure before negotiating anything with admins.
Yes, that can be done. Also, you can look at the following documentation which details about Unload operation : docs.snowflake.com/en/user-guide/data-unload-overview.html
If somebody want to manage permissions in a program first idea would be RBAC implementation. but another idea is a service like NTFS which allow to any user to create and manage his/her directories and sub directories. moreover can add more users with defined access
My question is:
I created a file (in C) and then I tried to modify the permissions with chmod using octal integers: 00647.
I don't understand why I would still be allowed to execute this file as I set the permission 6 for the user who created the file (that's me!) knowing that 6 means I am only allowed to read and write on this file, but not execute it.
One of my thoughts was that maybe as I set the permission 7 for every users, I can execute it even if I set the permission 6 for myself which is kind of weird, I think, because that would mean that as long as I set the permission 7 for every users, other permissions do not matter. So I am not sure that is the solution.
The purpose of file permissions is to provide security.
Imagine that you maintain a system that provides access to a functionality for each user by default. If a user does something nasty you denies access for him. He then creates simply new account to gain acces for the functionality again... Oops your model is wrong!
Better way is to maintain a default deny policy and then grant permissions for particular users to particular resouces.
The OS asks itself - This person wants to access this file for execution.
If this person "anybody" - Bingo - Yes you are so on you go.
I have to write files to a hidden location in WPF.
I do not want the user to be able to locate these files.
When I'm done writing I plan to upload these files to a separate location.
What is the best location to write to for this scenario.
Thanks
This is not possible.
More experienced users will always be able to locate files you modify, using tools like Process Monitor.
If you don't want users to see the contents of the files, then encrypt them.
The best location to store application-specific data is %AppData%\YourApp\ (this is a per-user folder). You'll have write privileges to this folder even if the user isn't administrator.
If you try to save files to location where they need administrator privileges, you'll get User Account Control Dialog Box, and they will recognize that your application tries to access unauthorized location.
I have an windows application (WPF) in which we are running on each login, however when the user first logs into a new PC the application will need to do some specific tasks, but only on the users first login and never on subsequent times.
Is there a way in .Net 3.5 to query wether the user has logged in before (ie some kind of login count)?
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
We use redirected folders so the user may have already logged into a PC on our network these special events should only occur when the user hasnt logged in onto the PC and Windows has had to create a new profile for the user on the PC.
If I am not clearly explaining what I am seeking, please dont hesiate in letting me know.
Matt
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
I'd recommend going with this option. Don't try to detect it, just create your own state on first run.
I suggest this, not because it is technically impossible to achieve the functionality you describe, but because it is a better user experience. It provides an easy way to re-do the action without having to recreate the user.
... a txt file in the users registry ...
I'm not sure what this means. You can create text files under the user's profile directory, and you can insert string values in the registry (but not files of any sort).
As for the particular mechanism, I suggest you consider:
An App.Config value. Clearing out the value is easier to support or batch-script than a registry value, and makes the user less scared that their machine will explode if you have to tell them to edit the settings. Users are scared of the registry.
A sentinel text file under the user profile directory. Wiping out the file is super-easy to support and batch-script. Instead of editing a text file, they can just delete one. But this makes it so you have multiple config mechanisms, so multiple points of failure. I'd only do this if I were using the App.Config for additional settings in the program and thought the user wouldn't be technical enough to hand edit it.
The windows registry. Remote registry access might be easier than remote file access, if you're having to do remote troubleshooting. It also might be easier to mess with via group policy, in case this is an intranet app and you need to force a re-run on all machines in your org.
I'd carefully consider my options and which is most likely to ease support (be understandable by my users) before committing to one. I'd also consider the remote-troubleshooting/remote reset scenario.
This may not be what you're looking for but I'm hoping it will help you anyway.. I do not know from the top of my head how to do this in WPF but I do know you can use an "unattend.xml" file and the FirstLogonCommands to execute a script or application on first logon. I have used this for Windows 7, it may not apply to XP.