Set access permission on an application as antivirus do - c++

I am trying to set permission on an application as read/execute only, I can achieve this by using c++ windows SetSecurityDescriptorDacl() function.
But after that admin can change it by right clicking on a file
properties->security->advanced->Change Permission
But somehow antivirus prevents these charges on their application as shown in below image

Related

Google Cloud doesn't allow me to create my first project with admin role

I'm trying to create my first project in google cloud with organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
Send feedback
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the
settings that need to be turned on.
The problem was for some reason the Google Cloud was disable for all users, I solved following this instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In to top right corner click in “ON”
Confirm you want to turn it on in the pop-up box.

IIS AppPool user permissions not working

I'm moving a PHP app from IIS7 to IIS8.5 on Win2012 R2. The app runs in its own application pool (MyPortal) and needs write permission on a sub-folder to create PDFs. So I assign Modify or Full Control permissions to IIS AppPool\MyPortal on the local machine, however the app is still unable to write to the folder. The only way I have found to allow it to do so is by giving Modify access to the local USERS group, which I'd rather not do (although I have no choice ATM).
The php-cgi.exe process is running under the MyPortal identity, but somehow isn't picking up the permissions I have assigned to the MyPortal user on the folder. The PHP process is doing a simple fopen command $file = fopen($tmp_filename,"w");.
I saw this similar post https://serverfault.com/questions/570033/iis-iusrs-and-defaultapppool-permissions-do-not-work which suggested it may be a permissions caching issue, solved by a reboot, but that's not worked in this instance.
Any suggestions as to what's wrong?
You've got it #Jan Reinlink. Anonymous Authentication needed setting to 'Application identity pool'. I had assumed that because the PHP process was running as MyPortal it was using the same permissions.

ColdFusion Font Management with a non-administrative account

In the interest of making my ColdFusion 9 server more secure, I recently changed the "Log On" account for the CF Application Service to a non-administrative account. Everything is working fine with one exception: Fonts are no longer available through the "Font Management" tools in CF Administrator. This came up because I use CFDocument to render .PDF files and with the non-admin account they went to using only Times New Roman as the font. I've made sure that the service account I created had Full Control rights to the Windows Font directory, and I even copied all the fonts to a non-Windows directory and tried to add them from there. In both cases, the fonts cannot be added using the Font Management tool and do not render in CFDocument. I get no error when attempting to add the fonts - just a blank screen. Only thing I can find in the logs is a reference to org/jpedal/exception/PDFFontException.
Anyone out there had experience using a non-admin account to run CF Application Server and what I need to do to get the fonts to work properly?
Can you try giving permission to \ColdFusion9\wwwroot\CFIDE\administrator\settings or \ColdFusion9\wwwroot\CFIDE\administrator\settings\fonts.cfm?

Can we register icon overlay at user level?

I want to display icon overlay in user context and my software installs without admin access.
Is it possible?
No, this is not possible icon overlays are system level refer to http://msdn.microsoft.com/en-us/library/windows/desktop/hh127455%28v=vs.85%29.aspx
Notice that you need admin access to add the keys mentioned in the link as well as the registry path in HKEY_LOCAL_MACHINE which will enable the effect all users. This behavior is the same for Windows Vista, 7 and 8.
No, you cannot register your overlay handler without admin access, but since explorer.exe runs with current user's credentials, you can implement some configuration checking in order to display the overlay (or not).
For example, you can check for a particular key under HKCU or for a configuration file under %APPDATA% folder.

Creating Firewall rule for a process running in a Non-admin user account

I have a basic requirement - to run my application smoothly on Windows by creating firewall rules when prompted, that has windows firewall turned-ON.
When I log in to my system as an user with Admin privileges when I run my application the first time, the firewall comes up with a prompt, I inform it to allow my app and create a rule, nice.
However when I turn-on my PC, log in as a non-Admin user, and I run my application, the firewall shows up with a prompt as expected; however when I click on the same options as I did from the Admin user, the firewall prompt keeps popping up continuously even though I clicked on Allow /ok every time the prompt appears. The prompt only goes away when I click on "Cancel / Block" the application from running, which is obviously not what I want to do.
So here comes the million $ question, What and How should I change my application code to run smoothly by creating the firewall rule successfully the first time I click on the firewall prompt to allow my application; exactly the same way it is working when I run my application as an user with Admin privileges.
I have done my bit of searching online and have come to understand that Non-admin users cannot modify firewall rules (cannot even create them???). BTW I have tested this scenario on Windows XP, Vista 7 both x86 and x64 with same results.
If someone has encountered and / or solved similar issues please share your knowledge. If I am missing something, please make me understand what I am missing.
Thanks
I don't think what you are trying is possible in a non-admin account. What you may try is to gain admin privilege by using the windows runas feature by creating a new process, so that the user is prompted for the username and password of the Admin Account, which would give your program the required access to create firewall rules for your program.
You may also take a look into CreateProcessAsUser or LogOnUSer . Basically in order to succeed in what you are trying to do, you need a token that represents the Administrator account or an account which has admin privileges.