Comments (2)
This is true, however, ACL is not a single property as you can clearly see in the picture but rather contains detailed access permissions. What permission should we choose to return a simple boolean
value indicating if a user has admin access? Currently, we are only checking if the user is a member of the built-in administrator group. However in theory a user can be a member of another group with the same level of access in which case this library returns a false negative. This could also happen in reverse but that's quite implausible. In any case, what is done now actually should be sufficient for 99% percent of users on 99% percent of machines.
On the other hand, ACL and user permission has nothing to do directly with the UAC. UAC is just virtualization on top of actual user access of the owner and since it is actually not possible to run an unelevated process from an elevated one, you need to either copy the token of another unelevated process or use other workarounds. This library uses Task Scheduler and the token of explorer process to do so (two methods for the library user to choose from). The word "elevated" here is used in regard to the UAC behavior.
So this makes things complicated as to what to do; what are you suggesting to be done to make the library more useful but still keep it relatively easy to use and understand?
from uachelper.
On the other hand, ACL and user permission has nothing to do directly with the UAC.
Indeed. I'd only realized after opening this issue that ACL comparisons and management are outside the scope of this project. I'm sorry for er...barking up the tree. Although this library does check some ACLs, I understand that its primary use is to determine if a process is considered "Elevated".
On the bright-ish side, this exposed an issue I have with .NET; it has little or no functionality for accessing and manipulating ACLs with resorting to WMI or PInvoke.
For the library I'm working on, I'd need to know if the current process has a certain set of permissions to a given filesystem path. If the process does not have permission, it would need to either change the filesystem object's ACLs or start a child process with the needed ACLs to complete the task.
P.S. thank you for your time and hard work maintaining a C# port of the UACHelper library!
from uachelper.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uachelper.