SIMIN Posted May 2, 2008 Posted May 2, 2008 Hello, My application failed on a test for Certified for Vista Logo program, here is the details of test: ---------- Expected Behaviour: 1. The application must not allow the Least-Privileged user to save any files to Windows System directory in order to pass this test case. 2. The application must not edit the ACLS of the �%SYSTEMDRIVE%\Windows� directory in order to pass this test case NOTES: 1. The application must prompt user with a message indicating that the user does not have permission to save files to this location in order to pass this test case. Observed Behaviour: Status: Fail 1. The application doesn�t allow any Least-Privileged user to run and use it. 2. When we run the application and execute some operations and then click �save as� and �save� buttons, we find there is no response. STEPS: 1. Logon on to the machine as logouser1. 2. Right Click on �%SYSTEMDRIVE%\Windows� directory a. Choose Properties from the context menu b. Click Security Tab c. Verify ACLS on Users group are checked as: i. Read & Execute ii. List folder contents iii. Read 3. Launch the application. 4. If the application allows the user to create, save, open�etc files, create a new file and attempt to save the file to the Windows System directory (%Windir%). 5. Recheck ACLS on the above directory ---------- I am writing in VB.NET 2008 and therefore set the requestedExecutionLevel to requireAdministrator and uiAccess="false". My question is just that how can I force my application to prompt user with a message indicating that the user does not have permission to save files to this location in order to pass this test case???!!!:confused: Quote
Administrators PlausiblyDamp Posted May 3, 2008 Administrators Posted May 3, 2008 What currently happens if the user attempts to save files to the %windir% folder? Are you catching any errors thrown when attempting to save files but not relaying the information to the user? Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
SIMIN Posted May 3, 2008 Author Posted May 3, 2008 Currently user CAN save document to the Window directory without any problem, and this is the problem! Although my application that is running with full permission CAN save to the Windows directory as well, but it should not! Because according to the Microsoft guidelines it's not OK to save there! However, Before a save, I must check the output path, if it's inside the �%SYSTEMDRIVE%\Windows� directory I should not proceed with save and just give user a message. But it's not for all users. Just for Least-Privilege users! So the question is that how should I detect Privilege level of user for this purpose? Thank you for your help :) Quote
Administrators PlausiblyDamp Posted May 3, 2008 Administrators Posted May 3, 2008 If a non-administrator runs your application what happens when they run the application and then attempt to save something to the windows directory? Does the Vista UAC prompt appear when the app is first run? Is this application specifically intended for editing or creating things in the windows folder? Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.