How to assign permissions for Copy/Paste on windows - file

Well, as everyone knows there is no way you can assign permissions for Copy/Paste of files on windows platform.
I need to control the copy process from a central file server, in a way that helps me know:
which user performed the copy
Which files were copied
where did he pasted them
Total size of data copied
Time of copy operation
If user exceeds the allowed "Copy-Limit", a dialog box requests him to enter administrative credentials or deny him (as it would be configured)
Store all this data in a file for later review or send by email.
I need to collect this data by putting a utility program on the server itself, without any other installation on client computers.
I know about monitoring the Clipboard, but which clipboard would it be? the user's clipboard or the server's clipboard ?
And what about drag-drop operation, which doesn't even pass through the clipboard?
Any knowledge of whether SystemFileWatcher is useful in such case ?
Any ideas ?

I don't think the clipboard has anything to do with things here. The result of a "Copy and Paste" action at the client is that files are copied from a share, right? In fact, it's not the act of "Copy" that you care about, it's the "Paste" (A clipboard Copy of a file doesn't do anything until you Paste it somewhere).
So, I think you should ignore clipboards all together and look for ways to monitor file access on your share.
Essentially, you're looking for file share auditing. Windows has some of this built in, but I'm no expert. In fact, you might get more traction with this sort of question on ServerFault.com (sister site to StackOverflow.com) so long as you word it in terms of file share auditing. Oh, and you didn't mention the OS of your server here - you should do so if you post on ServerFault.com.

Related

Split Access database not allowing multiple users

I have a split database design in Microsoft Access. Copies of the front end (w/ forms, queries, linked tables) are distributed to multiple users, while the backend (tables only) resides on the network.
Everything works fine when there is only one user, but as soon as a second user tries to open their copy of the front end, they get an error message saying the backend is already in use.
I've already confirmed that everyone has read & write permissions for the backend.
I've used split databases before and never run into this issue. The only difference is this time I didn't use the Database Splitter utility. I just started with the backend, then created a new database and set up some linked tables. Could that be my problem? Is there a step or setting I'm missing?
In general, this should work.
However, not only do users need read/write, but they ALSO require create file, and delete file rights to that folder.
The reason is that of couse this is pure file based system, so on first open, Access will create a ldb (locking file). This locking file is used to manage (allow) multi-user operations of the file.
If the locking file can't be created (first user to open), then multi-user operations can't be used, and in fact in most cases you get a read-only file.
So, users need quite much full rights. I seen some work with delete rights, but that means the last user out does not allow access to remove (delete) that ldb locking file, and it should be allowed for deletion.
so, create file, delete file rights are also required in most cases for this to work.
It also possbile I suppose that one user launched Access, choose open, and browsed to that file, and opened it exclusive. However, you have a split system, and that should not be possible, but it certainly still possible that someone on the network opened the back end file (that shared file) directly with Access, and used the open exclusive option - which would prevent all other users from opening the file.
As noted, since this looks to be a split system, then I would suggest that users don't have the all important create file rights, and delete file rights to that folder. Without such rights, then as noted, multi-user operations can't occur - you get a read only file in most cases.
So, either users don't have enough rights to that folder, or someone has opened the file with Access, and opened the file "exclusive".

hold versions of doc file with mssql blob file

we can assume the user is working with Ms Word files.
After the user chooses a file, the software needs to store it.
That is easy, with Delphi blob and MsSql image.
Now lets say the user wants to edit the file,
could you suggest a simple solution, that will open the file in Ms Word, allow edit, and then save the changes to the image?
It would be better if old version could be kept, like svn.
Any component that you could suggest?
Copy the blob out to a temp file:
C:\Documents and Settings\\Local Settings\Temp\2011112_1115112.doc
or
wherever windows wants you to store temp files for this user.
Launch WinWord on that file,
waiting on the program to finish.
When they're done, copy it back.
For multi-user situations, you'll need exclusive access. WinWord usually figures that out when you're sharing files. But in this case, you'll have to simulate it, perhaps with a field on the table row to reserve/release the document for read/write access.

Ability to detect if this is the users first login to Windows 7

I have an windows application (WPF) in which we are running on each login, however when the user first logs into a new PC the application will need to do some specific tasks, but only on the users first login and never on subsequent times.
Is there a way in .Net 3.5 to query wether the user has logged in before (ie some kind of login count)?
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
We use redirected folders so the user may have already logged into a PC on our network these special events should only occur when the user hasnt logged in onto the PC and Windows has had to create a new profile for the user on the PC.
If I am not clearly explaining what I am seeking, please dont hesiate in letting me know.
Matt
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
I'd recommend going with this option. Don't try to detect it, just create your own state on first run.
I suggest this, not because it is technically impossible to achieve the functionality you describe, but because it is a better user experience. It provides an easy way to re-do the action without having to recreate the user.
... a txt file in the users registry ...
I'm not sure what this means. You can create text files under the user's profile directory, and you can insert string values in the registry (but not files of any sort).
As for the particular mechanism, I suggest you consider:
An App.Config value. Clearing out the value is easier to support or batch-script than a registry value, and makes the user less scared that their machine will explode if you have to tell them to edit the settings. Users are scared of the registry.
A sentinel text file under the user profile directory. Wiping out the file is super-easy to support and batch-script. Instead of editing a text file, they can just delete one. But this makes it so you have multiple config mechanisms, so multiple points of failure. I'd only do this if I were using the App.Config for additional settings in the program and thought the user wouldn't be technical enough to hand edit it.
The windows registry. Remote registry access might be easier than remote file access, if you're having to do remote troubleshooting. It also might be easier to mess with via group policy, in case this is an intranet app and you need to force a re-run on all machines in your org.
I'd carefully consider my options and which is most likely to ease support (be understandable by my users) before committing to one. I'd also consider the remote-troubleshooting/remote reset scenario.
This may not be what you're looking for but I'm hoping it will help you anyway.. I do not know from the top of my head how to do this in WPF but I do know you can use an "unattend.xml" file and the FirstLogonCommands to execute a script or application on first logon. I have used this for Windows 7, it may not apply to XP.

using IsolatedStorageFile with Silverlight 4

I am looking at writing a silverlight app that I plan to use OOB setting to enable use on both PC and mac.
I have been doing a little investagation on the isolationstoragefile and what I understand is it will work for both pc and mac without a problem.....Is that correct?
The application I am building is going to be a business application that will submit details back to the main database if there is an available connection. If not then I want to store the information locally until there is an available connection.
My question is lets say I have 3 user accounts using the same machine. Can I have the isolationfile stored in the same place? or must it be under the user profile?
I don't want to have orphaned records which I could see happening if the data is stored on each user's profile.
Any advise would be great!
I understand is it will work for both pc and mac without a problem.
That is correct. You don't need to worry about the mechanics of how it is persisted to disk.
I have 3 user accounts using the same machine. Can I have the isolationfile stored in the same place? or must it be under the user profile?
IS is located under the user profile. In a full trust (elevated) OOB app you may be able to store files elsewhere on the file system by using the FileSystemObject or by using some COM interop, but there is no guarantee that you can get to that file again (NOTE: i haven't played with saving files external to IS, so may be wrong/misinformed on this). If you can whack files out to anywhere on the file system you should be very careful doing it - what if you are running on a Mac?
I don't want to have orphaned records which I could see happening if the data is stored on each user's profile.
If you mean data may be stored locally because of no connection, then that user logs off and never logs back in again to that machine so their data never syncs to the server, then yes that is a possibility. Having a service monitoring for saved data files would be ideal, but you can't do that under SL. To completely eliminate that issue may take a change in your product, like writing it as a WPF client instead of SL.

What is the best deployment approach for WPF applications with local database?

I want to make a WPF application that exists in one directory including all files that it needs: .exe, .mdf database, .xml config files, etc.
the application should work no matter what directory it is in so that it supports this scenario:
person 1 executes the application in c:\temp\wpftool.exe
the application reads and writes to the c:\temp\wpftool.mdf database
person 1 zips up that directory and sends it to person 2 via e-mail
person 2 unzips it to c:\Users\jim\documents\checkout\wpftool.exe, the application reads and writes to the same database in that directory (c:\Users\jim\documents\checkout\wpftool.mdf)
person 2 zips the directory up again and sends it back to person 1 to continue making changes on it
What is the best way to create a WPF application that supports the above scenario?, considering:
there should be no hard-coded database connection strings
what is the best deployment method, click once? or just copy the .exe file out of the /release directory?
reasonable security so that users have to log in based on passwords in the database, and if a third person happens to intercept the e-mail, he could not easily look at the data in the database
Some points on the database side:
Assuming the "New user" already has SQL installed, they'd need to attach the (newly copied) database. Besides having sufficient access rights to attach a database, your application would need to configure the call to include the drive\folder containing the database files. If your .exe can identify it's "new home folder" on the fly, you should be able to work that out.
Define "reasonable security". Any database file I get, I can open, review, and ultimately figure out (depends on how obscure the contents are). Can you obfuscate your data, such as using table "A" instead of "Customer"? Would you really want to? The best possible security involves data encryption, and managing that--and in particular, the encryption keys--can be a pretty advanced subject, depending on just how "secure" you want your data to be.
For the database, I would look into using the "user instance" feature in SQL Express. Combined with the |DataDirectory| substitution string support it makes it very easy for your application to get hooked up.
In all honesty I have not deployed a ClickOnce app leveraging this approach myself yet, but I just thought I would bring it to your attention because it's what I would look into myself if I was building something like you described.

Resources