I want to display icon overlay in user context and my software installs without admin access.
Is it possible?
No, this is not possible icon overlays are system level refer to http://msdn.microsoft.com/en-us/library/windows/desktop/hh127455%28v=vs.85%29.aspx
Notice that you need admin access to add the keys mentioned in the link as well as the registry path in HKEY_LOCAL_MACHINE which will enable the effect all users. This behavior is the same for Windows Vista, 7 and 8.
No, you cannot register your overlay handler without admin access, but since explorer.exe runs with current user's credentials, you can implement some configuration checking in order to display the overlay (or not).
For example, you can check for a particular key under HKCU or for a configuration file under %APPDATA% folder.
Related
I have a program that read and write registry files in order to remember window position etc. This is very simple when it comes to just being the administrator but not so much when you are just a user on the system.
I use advanced installer if you have any cool suggestions on that end.
Where should register parameters be located in order for each user to use my application with their own registry values?
Is that path general enough so the program can locate that folder without running into issues?
Edits/Updates:
Question 1: Where are you putting things if not in HKEY_CURRENT_USER?
Answer: When i put the files under HKEY_CURRENT_USER it would only place it under that user. So if I were to install the program as administrator, it would only be that user that has the files. As i'm using advanced installer, i'm unsure if that falls under some settings value.
Statement 1 from Bogdan Mitrache:
If you prefer, you can also leverage the self healing support from Windows Installer (supported by Advanced Installer too) to have the installer write the default settings under HKCU for each user launching the app, even if installed by the administrator. Here is an example with files, but it applies for registry too: advancedinstaller.com/user-guide/qa-self-healing.html
Response: This is a good solution except for the issue that I have a conditional installation. The user can choose to install one or the other feature where both of them uses these registry values. This is probably why it is not working for me. I'm going to look over duplicating the files in a logical sense in AI.
The correct way to handle this is to store default values (such as during installation) in HKEY_LOCAL_MACHINE (if at all), and then later store user-specific values in HKEY_CURRENT_USER.
When the app needs to read a value, check in HKEY_CURRENT_USER first, and if not found then check in HKEY_LOCAL_MACHINE (or use a hard-coded default).
When the app needs to store a value, store it only in HKEY_CURRENT_USER.
And yes, this does mean that if your app is being run by an admin, by default it is going to read the value from the admin's key, and store the value in the admin's key. And that is perfectly OK, because the admin is the user of the app at that time. If the app is being run by a non-admin, then the values will be relative to that user instead.
In a situation where the app is running as an admin user but needs to read/store a value in another user's HKEY_CURRENT_USER key (for instance, when a non-admin user is logged into Windows and the app is running with UAC elevation using another user's login), then the app can open the HKEY_CURRENT_USER key of the other user by either:
impersonating the other user and then using RegOpenCurrentUser().
load the other user's profile by using LoadUserProfile(), which returns a handle to the loaded user's HKEY_CURRENT_KEY key (amongst other things).
If you want to access another user's HKEY_CLASSES_ROOT key instead of HKEY_CURRENT_USER, you can use RegOpenUserClassesRoot().
I am trying to set permission on an application as read/execute only, I can achieve this by using c++ windows SetSecurityDescriptorDacl() function.
But after that admin can change it by right clicking on a file
properties->security->advanced->Change Permission
But somehow antivirus prevents these charges on their application as shown in below image
parts of my application suite (client + updater) needs administrator rights for correct behaviour. My client application uses QDesktopServices::storageLocation() in various places to get the correct user profile path for saving user specific data. But as soon as im using QDesktopService::storageLocation() in an elevated application the path changes to the admin user, which makes it difficult to control.
Like from "C:\Users\basic_user\AppData\Local" to "C:\Users\admin\AppData\Local".
Is there a way to deal with this with qt or is my only possibility to use the WinApi?
What is the "right way" when facing the scenario of having an elevated app but one still needs to operate in the user space.
regards,
adrian
I have downloaded a 3rd party plugin for Joomla (Breezing Forms). I have created a new user for my Joomla instance who only has access to certain privileges. Breezing Forms is the only component they can use.
I have set these settings correctly from the super user, there is one action, "Configure" which I have set to "allow" for my specific user type.
Now when I log in as that user, I cannot see the components menu (I have disallowed all other components).
But if I navigate to the component:
http://domain.co.uk/administrator/index.php?option=com_breezingforms
Then I can access the page.
I have tried denying access, then trying to access the page and it rightfully prevents me from using it, so the ACL privileges are working, but there is an issue with it displaying in the menu.
I am using Joomla 2.5
Thanks,
Ian
Usually a component has two permissions which deal with that kind of stuff.
core.manage (Access Administration Interface) allows access to the component in the backend. This means the menu item is present in the Components menu.
core.admin (Configure) allows to set the options for this component.
So make sure you have set the correct permissions in BreezingForms. You probably want to have core.manage (Access Administration Interface) and not the other one. Also if you set the Configure one, make sure you also enable the manage one. It doesn't make much sense otherwise.
Can we disable editing for a specific registry key used by our application. I want only my applicaton to make changes into the registry and other cant see or edit them.
Yes and no.
The registry acts as any other file on the system. You can set specific access modifiers on each key. So if you set the access keys so that only a certain user can see/edit them that is what will happen. For that to work though, your program will have to run impersonated as that user.
If a user starts another program or regedit as the same user, he will also be able to modify/see that key.
An administrator will always be able to see/modify that key. Even if he's not the owner and the admin rights have been removed, he can still make himself owner again.