-2

I am currently trying to grant my Windows Application acccess to write errors into a Log.txt file that is located in a restricted Directory.

Is there any way to let's say impersonate an admin, write to the log file and return the Application to regular user permissions.

Important information:

-I have to use .NET Framework 4.6 -I cannot make the Directory public

I tried modifying security properties of the Log.txt file, but this didn't work + doesn't seems to be the best option.

Edit: I know I can make my application request admin credentials on start but it has to be available to all users.

Justification:

The thing is I was asked to develop a Windows App with different functionalities. I am a junior programmer so I mainly just folllow orders. My supervisor told me to generate a log in the Application's installation path (C:\Program Files (x86)\MyApplication) for which all users have read-only access. The problem is the Application can't read as it's permissions are the same of the user's which, if not an admin, cant edit any file in that directory...

Jesus Zarate
  • 1
  • 1
  • 3
    if there was an approved way to impersonate an administrator to write to a protected directory whenever you wish, then what would be the point to protecting directories in the first place? – Claies Mar 16 '23 at 20:14
  • Writing logs to a protected directory is crazy. Tell us why you think you need to do that. Then write it to a location you and the reader will have access to. – Dour High Arch Mar 17 '23 at 01:14
  • And writing (usage) logs inside your application install directory is a bad decision also. There are guidelines to how different paths within the windows OS should be used and this is not following them – Damien_The_Unbeliever Mar 20 '23 at 14:33
  • I searched for the best directory to place my log, and came across with AppData but wouldn't that generate multiple log files per user? Is there a specific Directory where I should place all my log data? – Jesus Zarate Mar 20 '23 at 15:37

1 Answers1

0

First of all, I have to say that putting logs to a restricted folder is not a good idea.

You can't write to a restricted folder bypassing security policies, as that would be a security issue. You can request permission to start a child process (LogWriter helper or whatever) in elevated mode using runas verb - this will bring an UAC prompt, and if user allows it, child process will gain admin rights. See this answer for details.

Or you can write a service, but installing it will also require admin rights.

nevermind
  • 2,300
  • 1
  • 20
  • 36
  • I have no problem with deploying a Windows Service as an admin. But now I have the question, can I actively pass error information from the application to the service on execution? – Jesus Zarate Mar 20 '23 at 14:35