1

I have full admin privileges on my Windows 7 machine but when I run my application which creates a file on c:\ drive I get error code 5 (Access is denied). I know windows 7 doesn't allow creating files in protected areas like c drive and program files and file explorer brings up 'administrative' message box if I copy a file there from somewhere else after which it does allows but can my application obtain write level access?

In my application, user gets to pick the folder where they want to create the file so if they choose c:\ drive s/he will obviously get this error which is not desirable.

void CTestDlg::OnBnClickedButtonCreate()
{
    CFile f;
    CFileException e;
    TCHAR* pszFileName = _T("c:\\test.txt"); // here i am hard coding path for simplicity.
    if(!f.Open(pszFileName, CFile::modeCreate | CFile::modeWrite, &e))
    {
        TRACE(_T("File could not be opened %d\n"), e.m_cause);
    }

}

As far as I have researched it seems I can't by-pass the UAC dialog which is fine but my application don't even present it (which is understandable as well) but what are my options?

I see my only option is to detect this in my own application if this is Windows 7 OS and than check for file path before creating the file and present a more user friendly message 'windows 7 doesn't like you to create file in this folder, choose a different folder or go back to xp'. Is this scheme the way to go on Windows 7? Is there any other way?

zar
  • 11,361
  • 14
  • 96
  • 178
  • possible duplicate of [Does Windows 7 have the same problem as Vista?](http://stackoverflow.com/questions/5210575/does-windows-7-have-the-same-problem-as-vista) – Cody Gray - on strike Feb 17 '12 at 17:57
  • No, your only option is to use the appropriate folder in *both* Windows 7 *and* Windows XP. That will be one of the user's folders, not the root directory of the disk. Never put stuff in the root directory of a disk. – Cody Gray - on strike Feb 17 '12 at 17:57
  • 1
    @CodyGray They are not the same but they both has to do with UAC. – zar Feb 17 '12 at 19:30
  • They're exactly the same. My answer there tells you what the problem is *and* how to solve it. **You should not run an application with administrative privileges just to work around code that was wrong when you wrote it originally**, and you *especially* shouldn't do that in new applications. – Cody Gray - on strike Feb 17 '12 at 20:46
  • @CodyGray Your answer is very useful there and relevant to me but the questioner was not very clear in his OP. I search quite a bit before posting but the one you linked didn't come up. – zar Feb 17 '12 at 21:02
  • Oh, I wasn't criticizing you for asking a duplicate question. That's just an automatic comment that gets inserted. The point was that the other question is useful because it has an answer that answers your question. – Cody Gray - on strike Feb 17 '12 at 21:29

3 Answers3

3

As Kolink noted, your application needs to run with administrator privileges. In order to do that automatically, embed a manifest as explained here.

EDIT: For VS2010: Project Properties > Configuration Properties > Linker > Manifest File Change the 'UAC Execution Level' to the desired value.

Carey Gregory
  • 6,836
  • 2
  • 26
  • 47
  • 1
    The real answer is in two lines in the comments section of the link you provided as rest of the article is related to VS2005, microsoft has not updated this. I am reposting the two lines solution: For VS2010: Project Properties > Configuration Properties > Linker > Manifest File Change the 'UAC Execution Level' to the desired value. – zar Feb 17 '12 at 21:39
  • @zadane: Oops, sorry about that. Thanks for finding the correction. I've added it to the answer for others. – Carey Gregory Feb 19 '12 at 21:55
1

Either don't try to write to protected areas, or require that your application be run with permissions (right-click => Run as Administrator).

I know I don't like random files appearing in my root - I like my files organised.

Niet the Dark Absol
  • 320,036
  • 81
  • 464
  • 592
  • Can I run it with administrator permissions programmatically? – zar Feb 17 '12 at 16:02
  • 1
    @zadane I really hope the answer to that last question is that you can't. It seems unsafe otherwise. – webdreamer Feb 17 '12 at 16:10
  • If you don't like random files appearing in root, then you should not allow that. The OP wants to do this, that's why they asked. – stu Jan 14 '14 at 20:35
0

If it's the user who provides the path, then you should inform them that the file cannot be saved to this location and ask to provide another name.

Usually the shell, GetSaveFileName function, checks whether the new file can be created in the selected directory before returning, see flag OFN_NOTESTFILECREATE in description of OPENFILENAME structure.

Another option is to handle such situation and to show UAC confirmation yourself. But this solution requires much more effort than it's really worth. You can't elevate the current process, so the operation of saving the file to a protected area has to be implemented in another process. At the same time your current process has the data to be saved, so you'll have to implement the communication between the two processes. Read Designing UAC Applications for Windows Vista for more information.

Alexey Ivanov
  • 11,541
  • 4
  • 39
  • 68
  • I would like to 'check whether the new file can be created in the selected directory' but the CreateFile() returns code 5 'access denied' which is same generic code that I can potentially get for other reasons. How can I differentiate this folder is not ok because of permission issues? The `GetSaveFileName` does exactly that if destination folder is for example c:\ – zar Feb 20 '12 at 20:02
  • @zadane ‘Access denied’ means that you have no permission to write (or to read) to the folder. There's no warranty you'll permission to write to the folder when you're elevated with full administrator privileges. I guess the only way to check it is to analyze folder ACL, for example to check whether Administrators group has write permissions. It's not bullet-proof though. – Alexey Ivanov Feb 21 '12 at 05:51