
December 10, 2004

Running as Non-Admin, Day 10

OK, the non-admin experiment is doing so well I really don't need to blog about it anymore.

Hit one snag the other day. When I download stuff off the web (like .exe installers) I usually save it in C:\. I tried and I didn't have permissions in C:\. Turns out it was owned by the Administrators group, which I was no longer a member of, and random authenticated users didn't have write permission (they did have read). The same was true for the various system directories.

So I brought up Internet Explorer running as local Administrator and tried to modify the ACL on C:\. Except the UI doesn't really show it as C:\, it shows it as "Local Disk (C:)". And no changes to the ACL actually take effect -- it lets you make the changes in the UI, but choosing Apply doesn't really change them.

I tried other directories and it works, and I tried in regular Explorer (not IE) and it behaves the same way, so I'm not sure what is up.

Modifying ACLs is a tricky thing to specify from the command line due to their complexity. I could probably do it with cacls.exe, but there are risks -- like the sun going supernova before I figure out how to make it work. Monad has get-acl and set-acl cmdlets, but they return/consume a .NET FileSecurity object which you would then need to use methods to crack open and modify -- Monad would allow it, but again it would be tricky to figure out exactly how.

So instead, I just put the file in c:\temp, and it all works. Probably better anyway, but if anyone knows how to use the UI to set the ACL on the root directory of a disk, I'm interested.

Posted by AdamBa at December 10, 2004 06:13 PM
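
The get-acl / set-acl round trip through a FileSecurity object that the post calls tricky looks like this in Windows PowerShell, the name Monad shipped under. This is an added example, not the author's code: the helper names `Get-WriteAce` and `Grant-Modify` and the demo directory are assumptions, and it grants rights on a dedicated download directory rather than on the root of the disk, in line with the workaround the post settles on.

```powershell
# Added example. Get-WriteAce and Grant-Modify are hypothetical helper names.

function Get-WriteAce {
    # List the Allow entries on $Path that carry any write-class right.
    param([Parameter(Mandatory)][string]$Path)
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    # Write is a composite flag, so -band also matches Modify and FullControl.
    # Entries expressed as generic rights (shown as raw numbers) are not matched.
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $write)
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

function Grant-Modify {
    # Add one Allow/Modify entry for $Identity, inherited by children.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    # Get-Acl returns the security descriptor as a .NET object.
    $acl = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        'Modify',                           # FileSystemRights
        'ContainerInherit, ObjectInherit',  # applies to subfolders and files
        'None',                             # PropagationFlags
        'Allow')                            # AccessControlType
    # AddAccessRule merges with existing entries instead of replacing them.
    $acl.AddAccessRule($rule)
    # Nothing changes on disk until the modified object is written back.
    Set-Acl -Path $Path -AclObject $acl
}

# Demo on a constructed directory owned by the current user, so no
# elevation is needed. A directory owned by Administrators would need
# the same calls from an elevated session.
$dir = Join-Path $env:TEMP 'downloads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

Grant-Modify -Path $dir -Identity $me
Get-WriteAce -Path $dir | Format-Table -AutoSize
```

Running `Get-WriteAce` against a path before changing it shows which principals can already write there, which is the check to make before widening any ACL.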
