2

I have a service auditing standard users of the local PC. I would like to get the performance logs uploaded to an SQL server but as a first step, and for simplicity I need to store them, as well as the config.ini which initializes the service in a special folder accessible only to the localsystem account.

Is there such a folder and where would I find it?

John
  • 6,433
  • 7
  • 47
  • 82
  • @sll data would be stored for benefit of localsystem account only, and later cascaded down to users if needed. As an aside I found that for Vista and newer: http://en.wikipedia.org/wiki/User_Account_Control#Tasks_that_trigger_a_UAC_prompt, not perfect as only a UAC prompt away from deleting program files, but better than what I've got in XP. – John Sep 13 '11 at 10:45

1 Answers1

1

Take a look at the Isolated Storage feature

With isolated storage, data is always isolated by user and by assembly. Credentials such as the origin or the strong name of the assembly determine assembly identity. Data can also be isolated by application domain, using similar credentials

How-tos:

sll
  • 61,540
  • 22
  • 104
  • 156
  • 1
    Unless the auditing service is running under different credentials the user has still access to files in isolated storage. They're a little hard to find but that's just security through obscurity. – riezebosch Sep 13 '11 at 10:31
  • 1
    @riezebosch : I supposing that data would be stored under the "service's account" isolated storage not under the each specific user which has been monitored, but I believe this point still not clear – sll Sep 13 '11 at 10:35
  • For XP "\Documents and Settings\\" is root of isolated storage. There is no entry there for localSystem. I see the isolated storage is not intended for generated log data, which spurs me on to learn SQL Server, but how could I authenticate automatically and securely if that or (for Vista+) \Users\\ is visible to the user? I may be a while verifying sample code (without fast user switching)... – John Sep 13 '11 at 11:03
  • @John Silver : Could youn try to create any file in isolated storage from Service? – sll Sep 13 '11 at 11:09
  • @sll Sure, I followed your link and got the example working from my *admin* account, then I logged in as an XP "Limited" User and I leafed through the path above to find the files and directories just created. I even opened one but found it to be empty. Now I need to try it from the localsystem account. There must be a better way, I can't imagine it working because doesn't exist when the service starts up (and reads its config). – John Sep 13 '11 at 12:31
  • I thinks my problems are (1) FAT32, (2) XP Home. Sorry for being such a dolt! – John Sep 13 '11 at 20:42