« Construction Toy at the Imagine Children's Muesum | Main | Cars Vs. Software »

December 10, 2004

Running as Non-Admin, Day 10

OK, the non-admin experiment is doing so well I really don't need to blog about it anymore.

Hit one snag the other day. When I download stuff off the web (like .exe installers) I usually save it in C:\. I tried and I didn't have permissions in C:\. Turns out it was owned by the Administrators group, which I was no longer a member of, and random authenticated users didn't have write permission (they did have read). The same was true for the various system directories.

So I brought up Internet Explorer running as local Administrator and tried to modify the ACL on C:\. Except the UI doesn't really show it as C:\, it shows it as "Local Disk (C:)". And no changes to the ACL actually take effect -- it lets you make the changes in the UI, but choosing Apply doesn't really change them.

I tried other directories and it works, and I tried in regular Explorer (not IE) and it behaves the same way, so I'm not sure what is up.

Modifying ACLs is a tricky thing to specify from the command-line due to their complexity. I could probably do it with cacls.exe, but there are risks -- like the sun going supernova before I figure out how to make it work. Monad has get-acl and set-acl cmdlets, but they return/consume a .Net FileSecurity object which you would then need to use methods to crack open and modify -- Monad would allow it, but again it would be tricky to figure out exactly how.

So instead, I just put the file in c:\temp, and it all works. Probably better anyway, but if anyone knows how to use the UI to set the ACL on the root directory of a disk, I'm interested.

Posted by AdamBa at December 10, 2004 06:13 PM

Trackback Pings

TrackBack URL for this entry: