Author |
Message |
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Fri Sep 10, 2010 8:03 pm Post subject: |
|
|
I've hacked my way around one of my concerns.
I've used a program called "Resource Tuner" (restuner.com/howto-insert-trust-info-manifest.htm) to change the manifest setting for VVEngine.exe to "highestAvailable" rather than "requireAdministrator" as you have it compiled.
It allows me to run with compatibility modes turned off and all local user security policy options as they were, alleviating those concerns.
So the only thing I'm losing out on now is archiving functionality, which still produces the "attributes have changed on target delete file since comparison" error. Which, as we seem to have discovered has nothing to do with the target delete file, but with the archive file.
I still don't understand why the target network drive paths are required to be in UNC format, but that's a small issue. |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8759
|
Posted: Sat Sep 11, 2010 7:41 am Post subject: |
|
|
Hi
Quote: | OK, my user account settings now match yours, and I still have a blue icon. But doesn't this still defeat some of the security? It reverts back to all the nags on the desktop, but wouldn't a rogue program that added itself to startup run now without permission?
|
My settings are the windows 7 default settings. Prompt for consent on the secure desktop is more secure than prompt for consent. See
http://technet.microsoft.com/en-us/library/ee679793%28WS.10%29.aspx
Quote: | Whether my user account settings were the way they were or the way the are, notepad still shows without having to click on "show processes from all users".
|
Did you run Notepad from the "Run as administrator" menu (right click on the icon and select "run as administrator"). By default Windows 7 does not run programs as administrator even if you are logged in as administrator.
Quote: | One pattern I'm starting to notice, is that any program I run that I have permission issues with has the shield over it's excecuteable icon in windows explorer, including many of the VVEngine executeables, like VVEngine.exe. |
This icon identifies programs that require to be run as administrator. When you run them you should be alerted and you must select "yes".
thanks
http://www.tgrmn.com _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8759
|
Posted: Sat Sep 11, 2010 7:42 am Post subject: |
|
|
Quote: | I've used a program called "Resource Tuner" (restuner.com/howto-insert-trust-info-manifest.htm) to change the manifest setting for VVEngine.exe to "highestAvailable" rather than "requireAdministrator" as you have it compiled. |
With this change you are forcing VVEngine to run without admin priviliges, which can be done. Some of the features as Volume Shadow Service won't work with this settings, but the rest will work fine. _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Sat Sep 11, 2010 3:11 pm Post subject: |
|
|
TGRMN Software wrote: | My settings are the windows 7 default settings. Prompt for consent on the secure desktop is more secure than prompt for consent. |
Can't argue much with that. Strange that Microsoft would sell me a fresh install of Windows 7 Pro with that setting set to other than the default. Logically, it seems that "Prompt for Consent" should be the default setting, since only prompting for consent on the desktop will allow executeables ran from other than the desktop to run. But then, of course, it does lead to problems like I'm having.
Quote: | Did you run Notepad from the "Run as administrator" menu (right click on the icon and select "run as administrator"). |
Yes.
Quote: | With this change you are forcing VVEngine to run without admin priviliges, which can be done. Some of the features as Volume Shadow Service won't work with this settings, but the rest will work fine. |
Well, can't have that, I need volume shadow copy functionality, so I'm running it the way I was before again (original executeable with compatibility mode set).
Also, didn't get a comment from you in the other thread on my findings on the archiving problem. Hope that can be resolved. |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8759
|
Posted: Sun Sep 12, 2010 6:43 am Post subject: |
|
|
Hi,
can you confirm that the gray VVEngine icon problem is not present if "Prompt for consent on the secure desktop" is selected but it is present if "Prompt for consent" is used ?
I tried both and both do work OK on my Windows 7 machines (2 one is 32-bit and one is 64-bit).
Do you have User Account Control: Switch to the secure desktop when prompting for elevation set to enabled?
I would really like to reproduce this issue if possible!
thanks _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Sun Sep 12, 2010 8:19 pm Post subject: |
|
|
TGRMN Software wrote: | can you confirm that the gray VVEngine icon problem is not present if "Prompt for consent on the secure desktop" is selected but it is present if "Prompt for consent" is used ? |
No I cannot confirm that. The gray VVEngine icon IS present whether I select "Prompt for consent on the secure desktop" or just "Prompt for consent".
If I choose "Prompt for consent on the secure desktop", I only have to additionally set Windows Server 2003 compatibiility mode for the VVEngine executeable to make the icon run blue. (I also have to set VVEnineHome.exe to compatibility mode otherwise it complains that VVEngine is not found or not running or something like that when I click on it.)
If I choose "Prompt for consent", I have to run my hacked VVEngine executeable that the manifest was changed to "highestAvailable" priviledges, and don't have to run in compatibility mode at all.
At the moment, I am running with the exact same settings you run that you posted a few days ago, except that I also have to run the VVEngine.exe executeables in compatibility mode in order to acheive a blue icon. Here are my setting (that match yours):
User Account Control: Use Admin Approval Mode for the built-in Administrator account (Disabled)
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. (Disabled)
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (Prompt For Consent on the secure desktop)
User Account Control: Behavior of the elevation prompt for standard users (Prompt for Credentials)
User Account Control: Detect application installations and prompt for elevation (Enabled)
User Account Control: Only elevate executable files that are signed and validated (Disabled)
User Account Control: Only elevate UIAccess applications that are installed in secure locations (Enabled)
User Account Control: Turn on Admin Approval Mode (Enabled)
User Account Control: Switch to the secure desktop when prompting for elevation (Enabled)
User Account Control: Virtualize file and registry write failures to per-user locations (Enabled)
Quote: | Do you have User Account Control: Switch to the secure desktop when prompting for elevation set to enabled? |
Yes (see above). |
|
Back to top |
|
|
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Mon Sep 13, 2010 2:34 pm Post subject: |
|
|
I found something today which may be related. Today and the next few days are going to be busy, so I won't have time to revert back to stock VVEngine setup for testing. I found the User Account Control set to the highest hash mark, whereas default & where it was originally was at the second one down from the top. I don't remember changing it, but I've changed it back. Maybe you can try changing yours to the highest level in the meantime and see if you duplicate the problems I have with the gray icon. |
|
Back to top |
|
|
TGRMN Software Site Admin
Joined: 10 Jan 2005 Posts: 8759
|
Posted: Tue Sep 14, 2010 4:26 am Post subject: |
|
|
Hello
my settings was already on the highest level, changing it does not seem to have any impact.
What version of Windows 7 are you using ? 32-bit or 64-bit ? Is that Home, Professional, Ultimate?
thanks _________________ --
TGRMN Software Support
http://www.tgrmn.com
http://www.compareandmerge.com |
|
Back to top |
|
|
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Tue Sep 14, 2010 4:28 am Post subject: |
|
|
I found some time this evening to test it. Long story short, all is OK now.
I've returned VVEngine to "stock" operation, removing all hacks & compatibility modes, and I still have a blue icon.
Adjusting the User Account Control Settings panel slider back to the heavy black mark, which is the default setting did the trick.
Sorry to put you through the wringer like this, but at least you know how to respond to similar issues from other users with Windows 7.
I'd still like to run VVEngine with archiving though. Haven't heard anything new from you on that thread. I was looking through the forum and thought I may have seen this issue brought up before. Is this rename problem a known flaw in VVEngine? |
|
Back to top |
|
|
BLatSD
Joined: 12 Mar 2009 Posts: 40
|
Posted: Tue Sep 14, 2010 4:32 am Post subject: |
|
|
TGRMN Software wrote: | my settings was already on the highest level, changing it does not seem to have any impact. |
As the above message points out, it did for me. I seem to be good to go so far.
Quote: | What version of Windows 7 are you using ? 32-bit or 64-bit ? Is that Home, Professional, Ultimate? |
64 bit, Professional. Although if it makes any difference, the Professional version was "unlocked' from Home Premium with an "Anytime Upgrade" key. |
|
Back to top |
|
|
|