Windows 7 安全策略:如何允许我的 .NET 应用程序写入驱动器“C:”?
我的应用程序不应该执行任何管理任务,因此我希望普通用户帐户能够运行它。唯一的问题是,我的应用程序读取和写入数据库文件;如果运行 Windows 7(或 Vista)的用户将我的应用程序安装在驱动器 C 中,则该驱动器的默认权限集配置不允许我的应用程序写入数据。
如何允许我的应用程序写入 C:,而不需要完全的管理权限?
My application is not supposed to perform any administrative tasks, so I want a normal User account to be able to run it. Only thing is, my application reads from and writes to a database file; if the user running Windows 7 (Or Vista) installs my app in drive C, the drive's default permission set configuration doesn't allow my app to write data.
How can I allow my app to write to C:, without requiring full administrative privileges?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
如果数据库文件在安装时存在,您可以在安装过程中授予用户对该文件的写入权限(默认情况下普通用户没有此权限)。如果该文件需要由程序创建,则运行该程序的用户将需要修改 c 驱动器上的权限,这不是我建议的做法。
If the database file exists at install time you can just grant the user write access to the file as part of the installation process (ordinary users do not have this permission by default). If the file needs to be created by the program the user running the program will need modify permissions on the c drive, which is not something that I would recommend.
我建议将您的数据库文件存储在 Documents and Settings / App data / your app / 目录中。它是专门为此目的而存在的。写入 C:/Program Files 并不是一个好的做法。如果这对你来说是可能的,那就是。
I'd suggest storing your db file in Documents and Settings / App data / your app / directory. It exists specifically for this purpose. Writing to C:/Program Files is not so good practice. If that's possible in your case, that is.
您需要打开UAC(用户帐户访问)并将安全滑块设置到底部。然后您就可以像在 Windows XP 中一样访问驱动器 C:。
You need to open UAC (User Account Access) and set security slider to the bottom. Then you can access drive C: as you did in windows XP.
我决定在安装过程中修改目录权限,因此我创建了一个 .exe 文件来更改其启动路径的权限,并授予所有用户访问该路径的权限。我只是将该 .exe 文件包含在我的部署项目中,并创建了一个自定义操作,该操作将在安装的提交阶段运行该文件。
因为安装程序在安装时要求用户提供管理权限,所以我的.exe也享有管理权限,可以修改安装目录的权限。
在我的 .exe 中,我使用 Process 实例来运行 Windows 附带的 ACL 实用程序 (icacls.exe),如下所示:(
[TargetDir] 不以“\”结尾,否则调用将失败。)
确保 为所有用户提供对目标目录的完全控制访问权限。
我也可以编写 .NET 代码并手动更改目录权限,但我有点懒!
然而,您可能需要彻底检查您的环境条件,以便您所做的事情不会成为您环境中的安全漏洞;但这很适合我。
我希望这可以帮助遇到同样问题的其他人。
I decided to modify directory permissions in the setup process, so I created an .exe file that changes the permissions of its start-up path, and gives all users access to that path. I simply included that .exe file in my deployment project, and created a Custom Action that would run the file in the Commit phase of installation.
Because the setup asks the user for administrative rights when it is being installed, my .exe also enjoys administrative privileges and can modify the permissions of the installation directory.
In my .exe, I used a Process instance to run the ACL utility shipped with Windows (icacls.exe) as follows:
(Make sure that [TargetDir] doesn't end with a "\" or the call will fail.)
This gives all users full control access to the target directory.
I could also write .NET code and change directory permissions manually, but I'm a little lazy!
You may however want to inspect your environment conditions thoroughly so that what you do wouldn't become a security hole in your environment; but this was suitable for me.
I hope this helps others who faced the same issue.
默认情况下,用户应该具有对驱动器 C: 的写入权限,如果没有,则需要将读取和写入的目录更改为执行目录(C:/Program Files/Your App/)而不是根目录C 的:
你可以通过
The user by default should have write permissions to drive C:, if not, then you will need to change the directory you read from and write to, to the executing directory (C:/Program Files/Your App/) rather than the root of C:
You can get this by