|
web
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Running vb.net 2005 app under windows restricted userI have several vb.net 2005 apps which have run fine until now A new customer has set up windows XP with restricted users When my application starts I get errors, when accessing the registry etc, due to insufficent rights for the user If I create a keyfile and set my app to full trust in project settings, many of the 3rd party dll's (.net and com) that my apps use give the error on compilation that they do not have a strong name I am lost as to what to do next Any ideas appreciated Regards Steve Hi Steve,
Can you provide which registry key path do you write to? As the name indicated, the restricted user has limited permission than Administrator, so if your application wanted to support the usage by restricted users, you should take care of Windows security. For example, you should not write to HKLM or C:\Windows\System32 directories etc... Because these directories and registry paths are all system maintained, any modification to them will affect the entire system and other users. This is by the design of Windows security. To workaround this problem, instead of writting to system sensitive registry paths, you may write to some other keys under HKEY_CURRENT_USER. Actually, this type of issue is considered as Least-Privilege User bugs in security programming. You may understand the principle and workarounds in Aaron Margosis' great article below: "Problems of Privilege: Find and Fix LUA Bugs" http://www.microsoft.com/technet/technetmag/issues/2006/08/LUABugs/ PS. In Vista, the virtualization feature will automatically redirect your writting to HKLM to HKEY_CURRENT_USER. Hope this helps. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Hi Jeffrey
Thanks for the reply very helpful I am writing to HKLM, which I have fixed, and the application now runs I have one last problem As part of my licence in the program I read the Hard drive serial number, using system.management class and pass it to the licence checking code code..... searcher = New System.Management.ManagementClass("Win32_DiskDrive") Dim queryCollection As ManagementObjectCollection = searcher.GetInstances dtserialNo.Columns.Add("Signature", GetType(System.String)) For Each wmi_HD As ManagementObject In queryCollection ' get the hardware serial no. If Not IsNothing(wmi_HD("Signature")) Then dr = dtserialNo.NewRow dr("Signature") = wmi_HD("Signature").ToString dtserialNo.Rows.Add(dr) End If Next Under Restricted user it doesn't return the serial number Any ideas Regards Steve ""Jeffrey Tan[MSFT]"" <je***@online.microsoft.com> wrote in message Show quoteHide quote news:rOFRyg1KIHA.360@TK2MSFTNGHUB02.phx.gbl... > Hi Steve, > > Can you provide which registry key path do you write to? As the name > indicated, the restricted user has limited permission than Administrator, > so if your application wanted to support the usage by restricted users, > you > should take care of Windows security. For example, you should not write to > HKLM or C:\Windows\System32 directories etc... Because these directories > and registry paths are all system maintained, any modification to them > will > affect the entire system and other users. This is by the design of Windows > security. > > To workaround this problem, instead of writting to system sensitive > registry paths, you may write to some other keys under HKEY_CURRENT_USER. > > Actually, this type of issue is considered as Least-Privilege User bugs in > security programming. You may understand the principle and workarounds in > Aaron Margosis' great article below: > "Problems of Privilege: Find and Fix LUA Bugs" > http://www.microsoft.com/technet/technetmag/issues/2006/08/LUABugs/ > > PS. In Vista, the virtualization feature will automatically redirect your > writting to HKLM to HKEY_CURRENT_USER. > > Hope this helps. > > Best regards, > Jeffrey Tan > Microsoft Online Community Support > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscriptions/support/default.aspx. > ================================================== > This posting is provided "AS IS" with no warranties, and confers no > rights. > Hi Steve,
Thanks for your feedback. Yes, coding under the normal user account is not a trivial task; you have to perform a lot of security test to ensure all the code paths can succeed in this restricted security environment, but it is also a good sandbox for security. Regarding your further problem of using WMI to read serial number, I suspect the hard drive security setting may do not grant read access to the normal user account. You may download the Process Monitor and monitor your application for file system activities. I think there must be some "Access Denied" records during your WMI code. Then, you may analysis which device is responsible for this "Access Denied". You may download the Process Monitor from the link below: http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx Thanks. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. Steve wrote:
> When my application starts I get errors, when accessing the registry etc, And it gets even worse with Vista!> due to insufficent rights for the user This isn't want you want to hear but ... You're going to have to face this eventually, so it may be better to bite the bullet now and change you application, removing its use of these "restricted" Registry areas, etc. What are you trying to store under there? If it's user-specific, it should really be under HKey_Current_User, to which every User can write without problems. Regards, Phill W. Phil
Thanks for the reply I have now changed the registry sections in my app to HKCU Regards Steve Show quoteHide quote "Phill W." <p-.-a-.-w-a-r-d-@-o-p-e-n-.-a-c-.-u-k> wrote in message news:fhujnp$1hu$1@south.jnrs.ja.net... > Steve wrote: > >> When my application starts I get errors, when accessing the registry etc, >> due to insufficent rights for the user > > And it gets even worse with Vista! > > This isn't want you want to hear but ... > > You're going to have to face this eventually, so it may be better to bite > the bullet now and change you application, removing its use of these > "restricted" Registry areas, etc. > > What are you trying to store under there? > If it's user-specific, it should really be under HKey_Current_User, to > which every User can write without problems. > > Regards, > Phill W. 
Other interesting topics
Type inference
how do you implement association between objects Check if libraries or program exist dataset question error with exe programs fast updates to textbox? Emailing a form in Visual Basic 2005 Express Need to develop an IDE add-on that would behave similar to the Find in Entire Solution Form - controls is placed different on Vista than in XP day/month/year parts of a date |
|||||||||||||||||||||||
