Windows 2000 / Win XP "Restricted Mode" Does it exist?

  • Thread starter Thread starter Marty Egan
  • Start date Start date
M

Marty Egan

My apologies for cross-posting this one. I did it because this
question crosses a lot of boundaries, and I don't know what this
vendor is talking about, so am not sure how to narrow it down.

We have a large distributed application here that includes an agent
running on remote systems - "Service Agents" (SA). The SA perform
network tests and upload results to a web server. The results are
temporarily buffered on the SA until it is ready to upload them. In
the previous version of this app, the buffered test results (and the
SA log file) were stored in "C:\Program Files\Service Agent", which is
the application's directory. In the new version, the results and log
file are kept in "C:\Documents and Settings\All Users\Application
Data\APPLICATIONNAME\". Obviously, I've taken my company and the
product names out of the above paths. I've also modified the vendor's
responses below to remove the vendor's name and so on, but the
meanings are substantially the same.

Below are the vendor's explanation(s), which I think are hogwash. My
guess is that there is maybe a Win2k / XP logo requirement that they
are following, but that they are explaining the change as this
"restricted mode" thing (see attached) to sound more knowledgeable
than they really are.

Could anyone give me their take on this?

Is this "restricted mode" documented in the MS SDK or any MS security
documentation? I have already tried searching Google (normal) and
Google Groups.

Thanks

Marty Egan



##########################################
Here's a paragraph from their documentation
##########################################

Windows - Restricted Mode
Windows 2000 and Windows XP include a Restricted Mode which does not
allow the editing of any files under the Program Files directory. This
prevents the agent from writing any output into its installation
directory under Program Files. As a result, on Windows 2000 and XP the
agent writes its output under the
application data directory, for example:

C:\Documents and Settings\All Users\Application Data\APPLICATIONNAME\




####################################################################
Here's their email respose to us (when we queried their Tech Support)
####################################################################

Dear Customer,

The buffer file is located in the C:\Documents and Settings\All
Users\Application Data\APPLICATIONNAME\ directory on Windows 2000 and
WinXP because of the

their restricted mode setting which doesn't allow the editing of the
files under Program Files.


Thanks,

Customer Support Agent

############################
Here's their email back to us:
############################
 
in some corporate & educational enviroments that I have met, this is the
case. ie no write access to c:\program files.
 
in some corporate & educational enviroments that I have met, this is the
case. ie no write access to c:\program files.
For what it is worth, I noticed at home I have XP and 98SE networked. I can not access the program files directory on my
xp machine from my 98se machine. When I try to share it, it says this is an operating system directory and can not be
shared.

So, I think this is "for real" to some degree.

FYI, and HTH and HAND
Jeff Kish
 
Back
Top