Folder ACL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello All

In .NET Framework 3.5 (VS 2008) it makes life easier to set ACL's. I can do
for any user in the current machine except SYSTEM

What I am trying to do is "Write Access Deny" SYSTEM to the current user's
(or everyone's) SENDTO folder

Also want to be able to check to see if it's already set on program startup

Any advice would be much appreciated
 
Patrice,

Thanks for the reply

I am try to prevent a SENDTO icon created when an application installs or
runs. Example: Skype & other applications

If I write deny administrators then the icon is created still because it's
running at system level. To block it I want to block system level access
(write deny) only

The document you linked to only goes upto Windows 200/2003 Server whereas I
am doing it on standalone XP Pro & Vista. Maybe, Microsoft haven't got
around to updating the write-up, who knows?

With Vista, I need to get around the UAC too. Of course I can set the DWORD
but until reboot it will still prompt the user to allow this...

When I get around to it I want the same as a GPO for a 2003/2008 domains,
but that's in the future. Maybe a startup script calling the application
will be enough
 
SPAMCOP said:
I am try to prevent a SENDTO icon created when an application
installs or runs. Example: Skype & other applications
Click to expand...

Have you let Skype & other applications know that you are not happy with
this behaviour in their installers? If no-one tells them, they are unlikely
to make it an (off-by-default, hopefully) option.

How about a startup script that deletes any non-approved items from the
user's Send To folder?

Andrew
 
Andrew,

Thanks for replying

Yes I let them know well over a year ago & they change their installer
program because of the C++ error cannot create icon & their installer fails

I wrote a program around 3 years ago to stop it. Was written in 2003 VB.NET
& got 12, 000 downloads a week, but now they have changed their routing to
do it at system level so I want to change the program to do that instead of
administrators & current logged on users

A script isn't going to be no use unless on the domain because 99% of the
users will be on a stadalone system

If you look at the new Skype it even changes the Program Files folder for
Skype to another. They have to learn to stop trying to take over the user's
machine
 
Back
Top