Bill Armitage said:
I have just installed VISTA Ultimate but programs that ran in Windows XP
fail
because I cant write files on the C:\ folder. How can I make the C:\
folder
accept files written to it? I want to do this once so that all my
programs
can run under VISTA.
Can I write a program in VB6 to automatically change the folder attributes
on the C:\ folder so that clients, who may install VISTA, won't have this
problem when I send them programs that need to write to the C:\ folder?
Hi Bill,
You can change the permissions to the root directory manually, using the ACL
editor in Explorer (right-click C:\, choose Properties, then Security).
However, the root directory in Vista is write-protected for a Very Good
reason! Writing files to the root directory is a known and proven avenue
for viruses, trojans and other exploits. By weakening the security on the
root directory, you are increasing your clients' risk of infection.
By far the better solution, would be to investigate the programs trying to
write to the root, and see if you can configure them to write to some
acceptable location, such as %TEMP% or %APPDATA%. Writing files to the root
directory has been deprecated as a programming practice, for many years.
Applications which do this are bad programs. There's a limit to how far the
operating system needs accommodate these bad, insecure applications.
For example, one of my customers had a legacy application (c.1996) built on
top of the Borland Data Engine (BDE, aka Paradox Runtime). By default this
created files in the root, and thus failed to run on Vista. However, a bit
of tweaking in BDE Admin, changed the path from C:\ to C:\TEMP ... problem
solved! This was by far a better solution.
Amongst other things, if you're not extremely careful while changing
permissions on the root directory, the changes could cascade down the whole
directory tree, seriously eroding your overall security.
I'm sure you could write a VB6 app to do this; you'd probably need to
"Declare" GetSecurityDescriptorDacl() and related Win32 APIs from Lib
AdvAPI.dll. Or, it would probably be easier to do a ShellExecute(icacls.exe,
<params>). But distributing a program like this is tantamount to
distributing a virus, IMHO. It will weaken and possibly comprise the
security of the users' systems.
Anyway, if you want to experiment changing the root permissions, just modify
the root the same as you would any other directory: either in Explorer, or
via icacls.exe at the command line.
Regards,