Ordinary users can't update MDB files installed in same directory as app

I'm using Windows Installer 3.1 to put my VB 2005 application on user machines. The destination folder is C:\Program Files\my company\my app\. The application uses an Access DB that I have been putting in the same folder. The application and data are to be accessible to all users and the DB needs to be able to accept new data and modifications.

All is well as long as the user is a power user or administrator. Ordinary users sometimes find that the default installation won't allow them to update any of the files since the folder, being under Program Files, is created without the necessary permissions. This yields the ever-popular "Operation must use an updateable query" exception.

The folder's security settings can be manually modified to make the application work, but this seems like a pretty clunky way to do it. I could also create a new folder off the root instead of putting it under Program Files, but that's also a bit of a kluge.

Isn't there some standard, clean way to set this up so that the installation won't require someone with administrator privileges to lay hands on the box?




  • mosaic

    Paul,

    I don't think that's totally accurate. A deployment setup program with Admin privs could modify ACLs on target directories. It takes a bit of sophistication to do that, but it is doable.



  • JDigital007

    You'd have to write the code... using SDDL, and that code would have to be part of a deployment program.



  • ACM

    Ah, so. Thank you.

    So how do I add an ACL? I'm in terra incognita. Do I write a little executable and specify it as an Install Custom Action in installer?


  • JColeman

    You probably want to put the database in either the ApplicationData or CommonApplicationData folder...

    http://msdn2.microsoft.com/en-us/library/system.environment.specialfolder.aspx

    Best regards,
    Johan Stenberg



  • Dharmesh Gandhi

    Yes that's very true and is Standard Operating Procedure.

    But it's also standard operating procedure to require admin privileges to do an installation.



  • Donna46502

    Isn't this limited by the permissions granted the user by the system administrator? In that case, how would you upgrade the access to a level higher than originally granted?

    Here's a quote from MSDN regarding security permissions: "The .NET Framework security system determines whether such requests are honored. Requests are honored only if the code's evidence merits granting those permissions. Code never receives more permission than the current security settings allow based upon a request."


  • John.SmithsAero

    Renee,

    You mentioned ACLs before, but, as I said in an earlier reply, I don't know how to apply them.

    The code doesn't seem too challenging. I think I understand how to create an ACL in code in the System.Security.AccessControl namespace. However, I don't know how to run the necessary code from Windows Installer. Do you create an executable that is run as a custom action?

    I'm assuming that the installer will have admin privileges. The ACL needs to be run once, at installation. After that, anybody can use it.


  • Francisco Fagas


    Can't you create a folder under My Documents and copy the Access database file there using the Windows Installer?

    The bottom line is that the user will require full permissions to the folder where the .mdb file is located.



  • Jeffrey2793

    For some reason, neither of these is available as a custom file in my version of Windows Installer (3.1). There is a much more limited list than the documentation indicates should be available. I only have CommonFiles, Fonts, Programs, System, Windows, Targetdir, and some 64 bit variants.


  • Xcalibur37


    Assuming an Admin user is installing the app, yes.

    In any event the ACL would probably be set based upon group membership rather than the individual users. Can't say I have ever attempted this with the Windows Installer, though.



  • zhackwyatt


    I was thinking ADSI or WMI. I'm not sure that the .NET namespace System.DirectoryServices supports this capability. I've never used SDDL before.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;899553

    If you want an easy command line method you could always call the old Cacls utility.



  • Tomcatter

    Right, regarding needing full permissions. However, putting it in My Documents restricts it to one user, which is at odds with the purpose.

    Thanks.


  • Adrian Accinelli


    Then the answer to your original question is no. If the users do not have sufficient permissions for the folder then they can only be granted permissions by an Admin on the machine. Unfortunately it's the tradeoff you make when you secure a machine by restricting user permissions to the file system.

  • Marnee

    Isn't there some standard, clean way to set this up so that the installation won't require someone with administrator privileges to lay hands on the box?

    You've made a setup program.... part of it could be to set an ACL for the directory.
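
The two suggestions in this thread (keep the database under CommonApplicationData, and have the admin-run setup set the ACL) can be combined in one installer custom action. The sketch below is an added example, not code from any poster; the names `MyCompany`, `MyApp` and `data.mdb` are placeholders, and it assumes the setup runs with administrator rights. It grants Modify to the built-in Users group on the data folder only, so the program files stay read-only for ordinary users.

```vb
Imports System
Imports System.Collections
Imports System.ComponentModel
Imports System.Configuration.Install
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

' Added example: installer custom action, run with the installing admin's rights.
' "MyCompany", "MyApp" and "data.mdb" are placeholder names.
<RunInstaller(True)> _
Public Class DataFolderInstaller
    Inherits Installer

    Public Shared Function DataFolder() As String
        ' Per-machine data location shared by all users (not Program Files).
        Dim root As String = Environment.GetFolderPath( _
            Environment.SpecialFolder.CommonApplicationData)
        Return Path.Combine(Path.Combine(root, "MyCompany"), "MyApp")
    End Function

    Public Overrides Sub Install(ByVal stateSaver As IDictionary)
        MyBase.Install(stateSaver)

        Dim folder As DirectoryInfo = Directory.CreateDirectory(DataFolder())

        ' Well-known SID for BUILTIN\Users, so it also works on localized Windows.
        Dim users As New SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, Nothing)

        ' Modify, not FullControl: users can read, write and delete data
        ' (including the Jet lock file) but cannot change permissions.
        Dim rule As New FileSystemAccessRule(users, FileSystemRights.Modify, _
            InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, _
            PropagationFlags.None, AccessControlType.Allow)

        Dim acl As DirectorySecurity = folder.GetAccessControl()
        acl.AddAccessRule(rule)
        folder.SetAccessControl(acl)

        ' Seed the database from the read-only copy installed next to the exe.
        Dim source As String = Path.Combine( _
            Path.GetDirectoryName(Me.GetType().Assembly.Location), "data.mdb")
        Dim target As String = Path.Combine(folder.FullName, "data.mdb")
        If File.Exists(source) AndAlso Not File.Exists(target) Then
            File.Copy(source, target)
        End If
    End Sub
End Class
```

The application then builds its connection string from `DataFolder()` instead of its own directory. In a Visual Studio setup project, the assembly containing this class is added under the Install node of the Custom Actions editor.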


