save files on root of sys drive

  • Thread starter Thread starter cn
  • Start date Start date
Not only can you not do so, you should not do so. It's widely considered to
be bad practice.

-- Dave
 
I know, I just wanna know how to control it. I could not find anything about
it in security policy. Cannot I customize it?
 
Very bad idea. Only properly credentialed admins should be creating
directories or files in the root directory. You can overwrite boot files
with viral code if anyone can do it. Look at most of the various forms of
Unix/Linux, and mainframe OSes. The user can create a file if needed by
running his program with a manifest that requires it to have admin rights,
but only for the few that need it. I suspect there is an API for a program
to ask UAC to prompt for rights for the duration of that need, but most of
the time it should remain a standard user.

P.S. I can think of no valid reason for Microsoft Word to have admin rights
to edit/create documents. With all the exploits in Office, why would you
let it?
 
Hi,

cn indicated he/she was aware of the dangers of doing this, I was merely
providing the means. Part of the security design is to keep a user's files
within their profile, but a percentage of users will always want to do
something different, even if it poses a danger to them.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
 
Rick Rogers said:
Hi,

cn indicated he/she was aware of the dangers of doing this, I was merely
providing the means. Part of the security design is to keep a user's files
within their profile, but a percentage of users will always want to do
something different, even if it poses a danger to them.

The problem is it's 2006, not 1996. In a globally connected world it's not
just putting *your* computer at risk anymore. Even more, chances are if your
computer gets infected it will serve as a drone in somebody's botnet. Which
doesn't nesessary mean any particular damage to your computer whatsoever
because it need to be up and running to serve it's new master.
When you realise that you will probably be not so open in providing advises
that can help circumvent OS security, ignore security best practices and
even common sence.
 
I hate keeping my files within my user profile. The path is long and a real
pain in the posterior. I do create files in directories off the root and
you can grant access to just one person, group, or several persons/groups if
you are running NTFS. Sometimes you have to tell the user that you won't
help because what he wants is just stupid. With Microsoft finally using
some of the ideas that Unix has had for twenty years, we don't need to
revert to MS-DOS or Windows 95. We might have a chance of eliminating some
of the current problems of the wild, wild, west (internet).

Getting users just to use a hardware firewall router seems to be a struggle.
Keeping a current antivirus running seems to be another problem for many
users. They buy a computer with NAV or some other installed with a 90 day
trial. Then, they ignore the popups and four years later when someone calls
me, they are infected with spyware and viruses. Of course, no computer
today comes with even a short handbook on proper practices and if they did
most would not read it.
 
David J. Craig said:
The path is long and a real pain in the posterior.

That's why they changed %userprofile% to c:\Users\<username> and dropped all
My's in special folders names.

On the same token, it's funny you should mention "Unix ideas" since it uses
same scheme for storing user data.

Do you use *nix? Do you create additional folders under root folder to store
your stuff?
 
I use Linux some now, but lately have been using Windows Server 2003 x64. I
have done with FreeBSD in the past. I sent my third system home this spring
so I would have one available when I am there. I am starting on another
system here, but want to wait until some of the new chips come out and
prices drop to reasonable levels.

I do create other directories under my user dirs in the *nix OSes and have
done so since the days of Cromix which was on a Cromemco System 2, z80
processor, with three 64kb memory cards. On XP I keep a "My Documents"
folder off the root for most of my word, excel, pdf, etc. docs. I also have
a pictures subdir with more subdirs for specific types of pictures. Other
subdirs for other various files that don't work somewhere within other parts
of the tree. It just makes it easier to backup one dir off the root. It
can go on DVDs and external HDs. I keep programming code in other
directories not in that tree, but usually on drives other than the
system/boot drive.
 
Back
Top