Re: [DUG]: MS Security problems

[Robert martin]

Title: Message

Thanks for the info.  Unfortunately we have a custom installer and an existing install base.  My plan was to have our Server App (which currently has enough rights to make this change) do the security update and transfer from registry to ini.    So I am a bit stuck, I will have to keep trawling the web :o(       Rob Martin Software Engineer   phone 03 377 0495 fax 03 377 0496    web www.chreos.com ----- Original Message ----- From: Myles Penlington To: Multiple recipients of list delphi Sent: Thursday, September 25, 2003 8:51 AM Subject: RE: [DUG]: MS Security problems You are correct to use CSIDL_COMMON_APPDATA - however as stated in the MS Docs, the security on the folder may need to be changed at install time - guess what, you need a good installer that has this kind of feature.   Of course by default users cannot write to the program files directory either - that is why normal users cannot install programs. The main difference between a power user and a normal user is that a power user has access to write to the program files directory, hence they can install software.   HK_LOCAL_MACHINE has the same kind of security restrictions - although most people don't know you can change the security/ACL's on the registry too - using regdt32.   Myles  -----Original Message----- From: Robert martin [mailto:[EMAIL PROTECTED] Sent: Thursday, 25 September 2003 08:41 To: Multiple recipients of list delphi Subject: Re: [DUG]: MS Security problems We could do that (and may end up doing so) but we thought that we would actually follow MS recommendations to avoid problems with future windows versions.  If the MS way proves to be too much hassle we probably will end up doing that.     Rob Martin Software Engineer   phone 03 377 0495 fax 03 377 0496    web www.chreos.com ----- Original Message ----- From: Allan, Samuel To: Multiple recipients of list delphi Sent: Wednesday, September 24, 2003 4:54 PM Subject: RE: [DUG]: MS Security problems Why not just use your application's install directory, or some sub-directory? -----Original Message----- From: Robert martin [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 24 2003 4:34 p.m. To: Multiple recipients of list delphi Subject: [DUG]: MS Security problems Hi All   Our app has used the registry for storing settings but this causes problems on multi-user machines where some users don't have high enough access rights to save settings.  So we decided to change to storing settings in a simple INI.  We are using CSIDL_COMMON_APPDATA as recommended by MS. Guess what, same problem.  users don't have write rights.    MS help says... This folder should be used for application data that is not user specific. For example, an application may store a spell check dictionary, a database of clip-art or a log file in the CSIDL_COMMON_APPDATA folder. This information will not roam and is available to anyone using the computer. By default, this location is read-only for normal (non-admin, non-power) Users. If an application requires normal Users to have write access to an application specific subdirectory of CSIDL_COMMON_APPDATA, then the application must explicitly modify the security on that sub-directory during application setup. The modified security must be documented in the Vendor Questionnaire.   How do you do this in Delphi Code?  Any help would be appreciated.     Rob Martin Software Engineer   phone 03 377 0495 fax 03 377 0496    web www.chreos.com