Access to a user's Special Folders

You could use LogonUser to impersonate the other user and then
SHGetFolderPath to get the appropriate path, but it'd be much easier
to just get the current user's special folder location and then use
string manipulation to get the other user's folder.

HTH,

Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 21 Aug 2006 12:01:58 -0700, wh*******@gmail.com wrote:

>How can I get access for another user's special folder locations?

A configuration file is stored in the users' appData folder and the
program altering it will be ran under the admin.

but it'd be much easier

to just get the current user's special folder location and then use
string manipulation to get the other user's folder.

The problem with this is that the user can set their special folder to
whatever they want; ie. set my documents to c:\Docs instead of the
normal path.

I guess I might try the impersonate option.

Another thing you can try is reading the registry directly. The
directories are stored here:

HKEY_USERS\xxxx\Software\Microsoft\Windows\Current Version\Explorer\Shell
Folders

The trick is you need to loop through all the users and find the right
one based on "Logon User Name" stored here (which will include
domain):

HKEY_USERS\xxxx\Software\Microsoft\Windows\Current Version\Explorer

More work than impersonation, but doesn't require knowing passwords.

HTH,

Sam

------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.

On 21 Aug 2006 12:25:32 -0700, wh*******@gmail.com wrote:

>but it'd be much easier
to just get the current user's special folder location and then use
string manipulation to get the other user's folder.

The problem with this is that the user can set their special folder to
whatever they want; ie. set my documents to c:\Docs instead of the
normal path.

I guess I might try the impersonate option.

The trick is you need to loop through all the users and find the right

one based on "Logon User Name" stored here (which will include
domain):

HKEY_USERS\xxxx\Software\Microsoft\Windows\Current Version\Explorer

Not sure what you mean here, xxxx is some random id number; not the
user name; how can i map the two together?

wh*******@gmail.com wrote:

>The trick is you need to loop through all the users and find the right
one based on "Logon User Name" stored here (which will include
domain):

HKEY_USERS\xxxx\Software\Microsoft\Windows\Curren tVersion\Explorer

Not sure what you mean here, xxxx is some random id number; not the
user name; how can i map the two together?

Hi,

IIRC, it's actually the user's SID, and you can try using P/Invoke to grab
an SID from username by means of the LookupAccountName function.

This webpage may help you:
http://www.pinvoke.net/default.aspx/...countName.html

Once you have the SID, if you get it into the correct format, you should be
able to do the registry lookup.

--
Hope this helps,
Tom Spink

Google first, ask later.

wh*******@gmail.com wrote:

How can I get access for another user's special folder locations?

A configuration file is stored in the users' appData folder and the
program altering it will be ran under the admin.

Remember that, if your program allows a "least-privilege" user to alter
another user's files or access their user folder, Microsoft will not
recognize it as XP or Vista-compatible and may even brand it malware.
This is not something most programs should be doing.

Having said that, you can have your program request to be run with
administrator permissions, or be run as if another user were logged on.

li****@gmail.com wrote:

>
wh*******@gmail.com wrote:

>How can I get access for another user's special folder locations?

A configuration file is stored in the users' appData folder and the
program altering it will be ran under the admin.

Remember that, if your program allows a "least-privilege" user to alter
another user's files or access their user folder, Microsoft will not
recognize it as XP or Vista-compatible and may even brand it malware.
This is not something most programs should be doing.

Having said that, you can have your program request to be run with
administrator permissions, or be run as if another user were logged on.

If the program is running in the context of a user without permissions to
the other users' folder, then it won't be able to alter/access the other
users' files, providing the ACL is correctly defined on those files. NTFS
built in security will take care of that.

The OP mentioned that the program will be running with admin privileges,
which is what you mentioned in your last point, anyway.

--
Hope this helps,
Tom Spink

Google first, ask later.

Remember that, if your program allows a "least-privilege" user to alter

another user's files or access their user folder, Microsoft will not
recognize it as XP or Vista-compatible and may even brand it malware.
This is not something most programs should be doing.

This is the problem i face:
A service is ran in the background by user, AAA. The service reads a
config file from AAA's settings directory.

The Admin can change the service settings by running a program that
alters this config file in AAA's settings directory.

Do you have any other recommendations to do this? The settings file
cannot be in a public folder because not everyone should alter it.

Not sure why you have a service running as a 'regular' user, services should
run as a 'service' user, that is running as LocalService or NetworkService.
Their special folders are accessible by admins and their paths are fixed.
Running a service as a regular users is a bad idea, their registry hives
(HKCU) are not loaded when the user is not logged on interactively, so you
can't rely on API's like the special folder API nor can you search the users
part of registry as it's not loaded.

Willy.
<wh*******@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
|Remember that, if your program allows a "least-privilege" user to alter
| another user's files or access their user folder, Microsoft will not
| recognize it as XP or Vista-compatible and may even brand it malware.
| This is not something most programs should be doing.
|
| This is the problem i face:
| A service is ran in the background by user, AAA. The service reads a
| config file from AAA's settings directory.
|
| The Admin can change the service settings by running a program that
| alters this config file in AAA's settings directory.
|
| Do you have any other recommendations to do this? The settings file
| cannot be in a public folder because not everyone should alter it.
|

Sorry I wasn't more clear; trying to make the example generic; I meant
AAA was the LocalSystem user. Is this user folder fixed? I would think
you can change it per system(ie, user has an e:\ rather than a c:\).
Willy Denoyette [MVP] wrote:

Not sure why you have a service running as a 'regular' user, services should
run as a 'service' user, that is running as LocalService or NetworkService.
Their special folders are accessible by admins and their paths are fixed.
Running a service as a regular users is a bad idea, their registry hives
(HKCU) are not loaded when the user is not logged on interactively, so you
can't rely on API's like the special folder API nor can you search the users
part of registry as it's not loaded.

Willy.
<wh*******@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
|Remember that, if your program allows a "least-privilege" user to alter
| another user's files or access their user folder, Microsoft will not
| recognize it as XP or Vista-compatible and may even brand it malware.
| This is not something most programs should be doing.
|
| This is the problem i face:
| A service is ran in the background by user, AAA. The service reads a
| config file from AAA's settings directory.
|
| The Admin can change the service settings by running a program that
| alters this config file in AAA's settings directory.
|
| Do you have any other recommendations to do this? The settings file
| cannot be in a public folder because not everyone should alter it.
|

I think storing the config info into the registry might be a better
solution.

wh*******@gmail.com wrote:

Sorry I wasn't more clear; trying to make the example generic; I meant
AAA was the LocalSystem user. Is this user folder fixed? I would think
you can change it per system(ie, user has an e:\ rather than a c:\).
Willy Denoyette [MVP] wrote:

Not sure why you have a service running as a 'regular' user, services should
run as a 'service' user, that is running as LocalService or NetworkService.
Their special folders are accessible by admins and their paths are fixed.
Running a service as a regular users is a bad idea, their registry hives
(HKCU) are not loaded when the user is not logged on interactively, so you
can't rely on API's like the special folder API nor can you search the users
part of registry as it's not loaded.

Willy.
<wh*******@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
|Remember that, if your program allows a "least-privilege" user to alter
| another user's files or access their user folder, Microsoft will not
| recognize it as XP or Vista-compatible and may even brand it malware.
| This is not something most programs should be doing.
|
| This is the problem i face:
| A service is ran in the background by user, AAA. The service reads a
| config file from AAA's settings directory.
|
| The Admin can change the service settings by running a program that
| alters this config file in AAA's settings directory.
|
| Do you have any other recommendations to do this? The settings file
| cannot be in a public folder because not everyone should alter it.
|

<wh*******@gmail.comwrote in message
news:11*********************@i3g2000cwc.googlegrou ps.com...
| Sorry I wasn't more clear; trying to make the example generic; I meant
| AAA was the LocalSystem user. Is this user folder fixed? I would think
| you can change it per system(ie, user has an e:\ rather than a c:\).
|

Not sure what exactly is meant here by a "user folder".
Just let me explain my point...
Service accounts aren't interactive accounts, they don't have an
'interactive' profile (created by the system at first interactive logon), so
they don't have "My documents" and other related stuff on the File system.
What they have is an environment block and a minimal profile loaded, this
profile has a an Application Data entry which refers to the FIXED FS path
(except the drive letter) like: C:\Documents and
Settings\LocalService\Application Data or C:\Documents and
Settings\NetworkService\Application Data.
This path is returned by Environment.SpecialFolder.ApplicationData when
running as LocalService or NetworkService resp.
Creating a file under this path say:
C:\Documents and Settings\LocalService\Application Data\config.xml
will effectively create the file on the FS.
Note that the command shell will not show you the directories of these
pseudo accounts, they are only visible through the explorer shell.
An admin has access to the folder, so IMO it should be a problem to edit
config info in that folder.

Willy.