Subject Re: [Firebird-general] Programatically updating Aliases.conf and virtualization
Author Venus Software Operations
On 06/02/2015 04:09 pm, Scott Morgan blumf@...
[Firebird-general] wrote:
> On 06/02/15 07:23, Venus Software Operations venussoftop@...
> [Firebird-general] wrote:
>> :) to setup a new database for the app. I don't want the normal users
>> to do anything. Still getting my programmatic head around Win7 normal
>> user's way of life
> No matter what, somebody needs access rights to the file (an admin level
> user, or a normal user). That leaves you two simple, manual options:
> 1) Whoever edits the aliases.conf file logs in with a admin level
> account, [Start Menu]->find Notepad->[Right-click]->Run as
> Administrator, then edit the file with that
> (Remember, even when you log in with an admin level account, the
> programs you use only run in a user level context unless you open them
> with the 'Run as Administrator' option)
> 2) Change the security properties for the aliases.conf file and add the
> relevant user(s) to it's write access list. This is for the file only,
> the rest of the directory and files would still be protected.
> Programmatically, you need to write a tool that can ask the system to
> bump it's privs up to admin level and has to be run from an admin
> account. That's a lot of reading, google "User Account Control" and be
> careful, some advice doesn't work on WinXP (it can BSOD the system!) so
> test on an XP box before deploying.
> Scott

Thanks Scott for the explanation.

Under an admin account I am easily able to update the aliases.conf from
my app which run under regular privileges you mentioned - "asInvoker"

Under a normal user my updates to it were being virtualized. Presently I
have put in code that updating aliases.conf will not be attempted if a
normal user is logged in. So they can go to their admin for database
creation and related activities. I intend to put this check at various
places in the app so that it will segregate admin stuff to Windows admin
login and normally run app.

This is fine with me and should be fine with the users too. I am not
too keen on elevating the manifest nor updating shortcuts to run as
admin and would like to go with the flow of user access controls put in,
just as long as I am able to do what I need to do for the users in my app.

Kind regards