I wrote a CDialog based MFC app with Visual Studio 6.0 that that I
have been running from an Administrator account under win XP. MyApp is
manually installed into c:\MyApp\, and MyApp creates and manages data
in c:\MyAppData\. Life was good, MyApp worked as advertised. (MyApp
is obviously not a commercial product, but a tool for a customer to
acquire data from the field.)
Now I have a new requirement that MyApp be run by an "Operator" who is
not allowed to break the integrity of MyApp, or MyAppData (or the OS
or other user's data, etc.) Note that the Operator does not "own"
MyAppData. We might allow him to view or copy MyAppData, but that's
all. Anything that needs to be done with MyAppData must be done by
MyApp (or an Administrator.)
The idea is that the setup of the laptop be done by me (as
Administrator), and the laptop will be shipped to the location of an
Operator who "collects data" by running MyApp. So one last
requirement is that MyApp and / or the Operator needs to copy
MyAppData off the laptop onto another PC or CD or thumbnail drive, or
possibly call home, etc.
I've been searching the news groups and have started looking in these
kinds of areas:
- How to get an exe to run as Administrator from a Users account
- SetFileSecurity
- SHFileOperation
- Fksec (http://win32.mvps.org/index.html)
- Kiosks
But I seem to get trapped in the catch 22 that a User account does not
have some required privilege. (For example, if I run the fksec app as
a User I get "GetFileSecurity() cannot read SD, A Required privilege
is not held by the client."
I notice in the XP Pro Resource Kit (page 713) that "Only apps that
are certified for win 2K or XP Pro run successfully under the secure
Users context." But my requirement is also that the MyAppData is
protected from the user.
I must admit this security stuff is new to me, so right now I am just
looking for "the right way to think about and approach the problem,"
ideas, suggestions, 3rd party solutions, pointers to information from
someone who has done this, etc…
Many thanks,
Gary
