Writing files to Root Folder c:\ in Vista

[Guest]

I have just installed VISTA Ultimate but programs that ran in Windows XP fail
because I cant write files on the C:\ folder. How can I make the C:\ folder
accept files written to it? I want to do this once so that all my programs
can run under VISTA.
Can I write a program in VB6 to automatically change the folder attributes
on the C:\ folder so that clients, who may install VISTA, won't have this
problem when I send them programs that need to write to the C:\ folder?

 

[Andrew McLaren]

I have just installed VISTA Ultimate but programs that ran in Windows XP
fail
because I cant write files on the C:\ folder. How can I make the C:\
folder
accept files written to it? I want to do this once so that all my
programs
can run under VISTA.
Can I write a program in VB6 to automatically change the folder attributes
on the C:\ folder so that clients, who may install VISTA, won't have this
problem when I send them programs that need to write to the C:\ folder?

Hi Bill,

You can change the permissions to the root directory manually, using the ACL
editor in Explorer (right-click C:\, choose Properties, then Security).

However, the root directory in Vista is write-protected for a Very Good
reason! Writing files to the root directory is a known and proven avenue
for viruses, trojans and other exploits. By weakening the security on the
root directory, you are increasing your clients' risk of infection.

By far the better solution, would be to investigate the programs trying to
write to the root, and see if you can configure them to write to some
acceptable location, such as %TEMP% or %APPDATA%. Writing files to the root
directory has been deprecated as a programming practice, for many years.
Applications which do this are bad programs. There's a limit to how far the
operating system needs accommodate these bad, insecure applications.

For example, one of my customers had a legacy application (c.1996) built on
top of the Borland Data Engine (BDE, aka Paradox Runtime). By default this
created files in the root, and thus failed to run on Vista. However, a bit
of tweaking in BDE Admin, changed the path from C:\ to C:\TEMP ... problem
solved! This was by far a better solution.

Amongst other things, if you're not extremely careful while changing
permissions on the root directory, the changes could cascade down the whole
directory tree, seriously eroding your overall security.

I'm sure you could write a VB6 app to do this; you'd probably need to
"Declare" GetSecurityDescriptorDacl() and related Win32 APIs from Lib
AdvAPI.dll. Or, it would probably be easier to do a ShellExecute(icacls.exe,
<params>). But distributing a program like this is tantamount to
distributing a virus, IMHO. It will weaken and possibly comprise the
security of the users' systems.

Anyway, if you want to experiment changing the root permissions, just modify
the root the same as you would any other directory: either in Explorer, or
via icacls.exe at the command line.

Regards,

 

[parabola]

another test. sorry guys...

Hi Bill,

You can change the permissions to the root directory manually, using the
ACL editor in Explorer (right-click C:\, choose Properties, then
Security).

However, the root directory in Vista is write-protected for a Very Good
reason! Writing files to the root directory is a known and proven avenue
for viruses, trojans and other exploits. By weakening the security on the
root directory, you are increasing your clients' risk of infection.

By far the better solution, would be to investigate the programs trying to
write to the root, and see if you can configure them to write to some
acceptable location, such as %TEMP% or %APPDATA%. Writing files to the
root directory has been deprecated as a programming practice, for many
years. Applications which do this are bad programs. There's a limit to how
far the operating system needs accommodate these bad, insecure
applications.

For example, one of my customers had a legacy application (c.1996) built
on top of the Borland Data Engine (BDE, aka Paradox Runtime). By default
this created files in the root, and thus failed to run on Vista. However,
a bit of tweaking in BDE Admin, changed the path from C:\ to C:\TEMP ...
problem solved! This was by far a better solution.

Amongst other things, if you're not extremely careful while changing
permissions on the root directory, the changes could cascade down the
whole directory tree, seriously eroding your overall security.

I'm sure you could write a VB6 app to do this; you'd probably need to
"Declare" GetSecurityDescriptorDacl() and related Win32 APIs from Lib
AdvAPI.dll. Or, it would probably be easier to do a
ShellExecute(icacls.exe, <params>). But distributing a program like this
is tantamount to distributing a virus, IMHO. It will weaken and possibly
comprise the security of the users' systems.

Anyway, if you want to experiment changing the root permissions, just
modify the root the same as you would any other directory: either in
Explorer, or via icacls.exe at the command line.

Regards,

--
---
Continued Success!

Brett Dix | Account Manager

OfferFusion, Inc
www.offerfusion.com
(e-mail address removed)
1530 140th ave ne ste-200
Bellevue WA 98005
d. 800.618.6838x711
f. 425.401.8808
c. 425.772.7942

 

[Guest]

Andrew, many thanks for your advice - I'll need to re-do a number of programs
and change the folder from 'root' to one of the ones you suggest. A very
helpful response - it is appreciated - Bill

 

[f/fgeorge]

Andrew, many thanks for your advice - I'll need to re-do a number of programs
and change the folder from 'root' to one of the ones you suggest. A very
helpful response - it is appreciated - Bill

Andrew's reasoning is why Mac's don't get viruses like Windows
machines do and why Vista is trying to change things around a bit.

 

[Andrew McLaren]

Andrew, many thanks for your advice - I'll need to re-do a number of
programs
and change the folder from 'root' to one of the ones you suggest. A very
helpful response - it is appreciated - Bill

Hi Bill,

I'm glad it was useful - especially as maybe not the answer you really
wanted

BTW to investigate this and other issues which can arise for developers of
applicationas running on Vista, I highly recommend:

The Windows Vista Developer Story: Application Compatibility Cookbook
http://msdn2.microsoft.com/en-au/library/aa480152.aspx

There's a ton of fascinating info there for the programmer, about Vista's
inner workings.

Good luck with it,