1

When my app is running elevated and creates a file (using CreateFile), that file requires elevation to be further edited.

How do I create a file that does not require elevation to edit, even if my app is running elevated?

tenfour
  • 36,141
  • 15
  • 83
  • 142

1 Answers1

3

When my app is running elevated and creates a file (using CreateFile), that file requires elevation to be further edited.

That is not correct. What is actually happening, most likely, is that you are saving the file to a directory which has restrictive access rights. For example, the program files directory, or the system directory.

So, there are two ways for your program, when running elevated, to save a file which can be edited by standard user:

  1. Save the file in a location which does not have restrictive access rights.
  2. After saving the file, give it permissive access rights by applying an ACL.

Of these options, the former is usually the correct choice.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • Hmm, I'm creating the file in `c:\programdata\myapp\myapp.log`. The directory is created with `SHCreateDirectoryEx`. This shouldn't require elevation then, right? – tenfour Jan 13 '15 at 14:38
  • Are you sure, you have set proper permissions for this folder? – Xearinox Jan 13 '15 at 14:43
  • 1
    The ProgramData folder has rather special permissions. Only the user who creates any given file/directory has permission by default to write to it. http://stackoverflow.com/questions/22107812/privileges-owner-issue-when-writing-in-c-programdata – David Heffernan Jan 13 '15 at 14:48
  • @DavidHeffernan aha that makes sense. Do you have code off-hand to apply the ACL for users? – tenfour Jan 13 '15 at 14:52