Tech Off Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

_wopen and Vista security

Back to Forum: Tech Off
  • User profile image


    Using an Admin account on Vista, if I use _wopen to create a file on the root of my c: drive (for example, c:\foo.txt), the call fails and errno contains EACCESS.

    If I copy a file to c:\ using the Vista explorer itself, I get prompted by the OS to approve the copy.

    I don't get this OS prompt when I use _wopen.

    If I use Win32 file system calls instead of C Runtime calls to, for example, create a file, will Vista show the user the permission dialog?

    Also, is there online documentation/tips that addresses this kind of issue?


  • User profile image

    A followup note, and a followup question:

       I tried the Vista version of WordPad and the latest version of MS Word on Vista. If you try to save a file to c:\, they don’t show the grant-permission dialog. Instead, they show a dialog that says you don’t have permission to write to that location, to ask the administrator to give you permission, and they also ask if you instead want to save the file to the Vista equivalent of your My Documents folder.

       Upon determining that there was a permission issue with the file operation, is there a way to ask Vista to show its standard permission dialog, in order to allows the user to approve the file operation?


  • User profile image

    In order to create a file in the root of the C: drive on Vista you need to be running with elevated permissions. In the case of Explorer, it sees the write is going to fail and thus starts a new elevated  process to perform the file copy. The creation of this new process causes a UAC dialog to appear.

    The reason you aren't seeing this in your application is because it is already running without Administrator credentials. A process cannot be elevated once it has started and therefore the file creation just fails. If you want to create a file there you have to launch a new process, indicating that it needs to run elevated, in order to do so. You also need to be able to cope with the fact that this may not succeed - if the user isn't an Administrator or refuses the UAC elevation.

    Generally speaking you should never write directly to c:\

  • User profile image

    lagouyn, if you want to investigate the ramifications/"how-to" of running with Administratrive privileges at the API level, check out this section on MSDN:


Conversation locked

This conversation has been locked by the site admins. No new comments can be made.