Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need File association with RunAs


  • Please log in to reply
12 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:48 PM

Posted 24 February 2011 - 10:21 PM

Windows XP question about enhancing OpenWith file association

I have an application, lets call it App.exe. (Totally safe, no internet needed)
App.exe loads a driver, let's say driver.sys. It's normally in the directory where App.exe, but can also by in system32.
Files that App.exe creates have a file extension, let's say it's ".xyz"
Windows knows that .xyz files are to run App.exe (shell/command/open in registry)

When I am an administrator type,
When I double click on .xyz file, App.exe runs and all is well. I can edit .xyz file, use it, resave, everything is fine.

When I am a limited user (as I like to be most of the time for security),
No issue running App.exe using RunAs and opening the file.xyz, but that's primitive and a nuisance.
When I double click .xyz file, App.exe runs, but the driver can't load. So only parts that don't require that driver work.

Is there a solution to something like that?
I googled and googled, and all I find is registry tweaks in Win7 about how to make RunAs for the .exe file. Not for the files it opens. And not for XP.

Edited by tos226, 24 February 2011 - 10:27 PM.


BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 AM

Posted 24 February 2011 - 10:31 PM

As I understand you, you're asking if there's a way for a limited user account to load a driver? If so, then no there isn't. That would present an enormous security hole.

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:01:48 PM

Posted 24 February 2011 - 11:47 PM

That would present an enormous security hole


:offtopic: (By me) Ya THINK?

@ tos226: BleepIN--BleepOUT :hysterical:


EDIT TO CLARIFY: I posted the above comment because I like the OP's byline, I think it's clever & funny, NOT to ridicule the Op in any way shape or form, though I should have noted that before. My apologies if offense was taken, I assure you that was NOT my intent.

Edited by Union_Thug, 25 February 2011 - 12:14 AM.


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,470 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:48 AM

Posted 24 February 2011 - 11:59 PM


That would present an enormous security hole


:offtopic: (By me) Ya THINK?

@ tos226: BleepIN--BleepOUT :hysterical:


Say what???? :lmao:

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:48 AM

Posted 25 February 2011 - 05:51 AM

When I am a limited user (as I like to be most of the time for security),
No issue running App.exe using RunAs and opening the file.xyz, but that's primitive and a nuisance.
When I double click .xyz file, App.exe runs, but the driver can't load. So only parts that don't require that driver work.

Is this all hypothetical or is this related to ACTUAL programs ?? :huh:
I find it easier to give Real replies to Real questions - :scratchhead:

#6 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:48 PM

Posted 25 February 2011 - 01:34 PM

@ Union_Thug:
:) :)

@ noknojon, Andrew:

Not hypothetical. Real. I just renamed things for privacy reasons.

The driver works on parallel port to which is connected a piece of hardware at home to be controlled. Totally harmless. It's old. It's safe. It does the job.

The alternative is to run with administrator rights much of the time. That I see as much more dangerous than for one application. I'm bound to forget who I am and go on the net with all the privileges of an administrator.

So, is there a way to improve the file association the way I'd like it to be?

#7 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 AM

Posted 25 February 2011 - 01:48 PM

You could set the "requestedExecutionLevel" parameter to "requireAdministrator" in App.exe's manifest. Refer to the tables on this page for info on what happens with "requireAdministrator" and various user account levels.

#8 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:48 PM

Posted 25 February 2011 - 02:26 PM

@ andrew,
Interesting link. Thank you.
While it is for Vista, not XP, I think it still refers to what RunAs does, not running the application by clicking the file. But there are hints of what I need.
Anyway, just reading this tells me
1. search keywords to ggogle by
2. an old application in unknown language might be rough to retrofit with manifests. I didn't write it :(

#9 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:48 PM

Posted 26 February 2011 - 02:32 PM

Are you using simple file sharing/security settings? If not go to the security tab of the folder that App.exe is in and give the limited user account full control of that folder.
Get your facts first, then you can distort them as you please.
Mark Twain

#10 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:48 PM

Posted 26 February 2011 - 07:30 PM

I am using simple filesharing because it is XP-Pro and I am not part of of a domain. Ergo: simple filesharing. [And in that situation access to full premissions for groups and users is not even existing. There is no Security tab as exists when you are a part of domain]

Please explain. I really want to understand this. What does file sharing have to do with my question? Also, please remember, my question has to do with double clicking the .xyz file created by App.exe, and subsequently, I guess, the driver can't be used because Windows is defeating me when I do not have admin rights. Oh, I am the owner of all these files.

Quoting myself, from the first post

When I double click .xyz file, App.exe runs, but the driver can't load. So only parts that don't require that driver work.



#11 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:48 PM

Posted 26 February 2011 - 11:33 PM

When you turn of simple file sharing in the tools-folder options tab it allows you to modify the NTFS permissions(you will have a security and sharing tab) for the various folders. This of course assumes that you are using ntfs....if you're not you should be.

The thought process is that programs and their related components are controlled by the user access level(admin, standard, ect.). The only real difference between these levels is the permissions they have to do things in the various folders and windows components. You may be the owner of the files you want to open but you cannot be the owner of the program files which is where the true problem lies because of the driver. Since the driver is located in the app.exe folder then applying full control permissions to the folder for the standard user MIGHT give you the result you are looking for.

Best part of this would be if you find it doesn't work all you have to do is re-enable simple file sharing and you are right back to where you are now...no harm...no foul.

edit: to modify the permissions add you user name to the list and give it the full control permission. you will need to be logged in with admin rights to do all of this.

Edited by Baltboy, 26 February 2011 - 11:34 PM.

Get your facts first, then you can distort them as you please.
Mark Twain

#12 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,569 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:48 PM

Posted 28 February 2011 - 08:26 PM

The thought process is that programs and their related components are controlled by the user access level(admin, standard, ect.). The only real difference between these levels is the permissions they have to do things in the various folders and windows components. You may be the owner of the files you want to open but you cannot be the owner of the program files which is where the true problem lies because of the driver. Since the driver is located in the app.exe folder then applying full control permissions to the folder for the standard user MIGHT give you the result you are looking for.

Very interesting reason. I followed your steps, and it didn't work when double-clicking the file. I guess I have to live with it. Maybe they (MS) never thought of propagating administrator rights from the executable to the open-with association when device drivers are involved.

Neat side effect of this experiment: I see the Security tab again as I see at work. So it was simple filesharing that made it invisible. Thanks.

#13 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:12:48 PM

Posted 28 February 2011 - 09:34 PM

Worth the try. Actually the fault of the program working falls with the programmer. many of the programs that require administrator rights could have been written to run just as well under standard user rights, something Microsoft has been asking programmers to do for years.
Get your facts first, then you can distort them as you please.
Mark Twain




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users