Topic: Configuration for Windows Limited Users (1 of 6), Read 29 times
Conf: Installation, Configuration
From: Dave English
Date: Thursday, April 13, 2006 06:22 AM

Does anyone have any suggestion for how I should go about changing my Vedit config to work satisfactorily for a Windows with User Privilege only?

I would imagine that I want to arrange for a vedit.cnf in say:

%APPDATA%\GreenView\Vedit

With Regedit, I can see there is for example a

[HKEY_CURRENT_USER\Software\GreenviewData\Vedit\Ver6.1]

with a:

"UserCfgDir"=

but I am not sure whether that is used in preference to HKLM.

I do not actually really need per user config, but as it is at the moment, for example the recent files used is never updated, because User does not have rights to write into C:\Program Files\Vedit . Per user config would seem like the regular way to fix this, if not too difficult.

Why am I running as User? To help improve my security.
See Aaron Margosis' excellent work at:
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx

and the White Paper: http://go.microsoft.com/fwlink/?LinkId=58445
Regards

 


Topic: Re: Configuration for Windows Limited Users (2 of 6), Read 28 times
Conf: Installation, Configuration
From: Ted Green
Date: Thursday, April 13, 2006 11:32 AM

At 06:22 AM 4/13/2006, you wrote:
>From: "Dave English"
>
>Does anyone have any suggestion for how I should go about changing my Vedit config to work satisfactorily for a Windows with User Privilege only?
>
>I would imagine that I want to arrange for a vedit.cnf in say:
>
>%APPDATA%\GreenView\Vedit
>
>With Regedit, I can see there is for example a
>
>[HKEY_CURRENT_USER\Software\GreenviewData\Vedit\Ver6.1]

VEDIT uses the registry only to interface with Explorer.
(Right-click "Open with VEDIT" and stuff like that.)
VEDIT does not use the registry for its own operation.

Here are some observations:

1. If you install into c:\vedit (as we suggest), problem is solved.

2. I haven't recently tested it, but if you change the "UserCfgDir"
in the vedit.ini file to a folder/file with read/write permission,
everything should work. (This was originally intended for
Network server installs.)

3. If this is a big issue, we could change VEDIT to use e.g.
"My Documents\vedit" for the UserCfgDir.

Ted.

 


Topic: Re: Configuration for Windows Limited Users (5 of 6), Read 21 times
Conf: Installation, Configuration
From: Dave English
Date: Wednesday, April 19, 2006 05:54 AM

On 4/13/2006 11:32:51 AM, Ted Green wrote:
>At 06:22 AM 4/13/2006, you
>wrote:
>>From: "Dave English"
>>
>>Does anyone have any suggestion for how I should go about changing my Vedit config to work satisfactorily for a Windows with User Privilege only?
>>
>>I would imagine that I want to arrange for a vedit.cnf in say:
>>
>>%APPDATA%\GreenView\Vedit
>>
>>With Regedit, I can see there is for example a
>>
>>[HKEY_CURRENT_USER\Software\GreenviewData\Vedit\Ver6.1]
>
>VEDIT uses the registry only
>to interface with Explorer.
...

I see

>Here are some observations:
>
>1. If you install into
>c:\vedit (as we suggest),
>problem is solved.

Thanks, but that did not work. That is because I have:

C:\>dir /q c:\
Volume in drive C has no label.
Volume Serial Number is 2815-9B6A

Directory of c:\
...
18/04/2006 11:29 DIR BUILTIN\Administrators vedit
...
10 File(s) 20,615,967 bytes
18 Dir(s) 4,877,590,528 bytes free

C:\>cacls c:\vedit
c:\vedit BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
BUILTIN\Administrators:F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA

BUILTIN\Users:(CI)(special access:)
FILE_WRITE_DATA


That will because (sorry) I have changed the “default owner” setting on my computer to “Administrators group”.

http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx

>2. I haven't recently tested
>it, but if you change the
>"UserCfgDir"
>in the vedit.ini file to a
>folder/file with read/write
>permission,
>everything should work. (This
>was originally intended for
> Network server installs.)

Yes thanks, that works for me. It does leave me with config for one use only, but then I cannot now remember how the old Windows network installation .ini mechanisms worked.

>3. If this is a big issue, we
>could change VEDIT to use e.g.
>"My Documents\vedit" for the
>UserCfgDir.

"My Documents" versus "Application Data" is something for you to decide. But before that, have you looked at Vista? That is where all of this will matter to you.

Regards

 


Topic: Re: Configuration for Windows Limited Users (6 of 6), Read 26 times
Conf: Installation, Configuration
From: Ted Green
Date: Wednesday, April 19, 2006 11:04 AM

At 05:54 AM 4/19/2006, you wrote:

>"My Documents" versus "Application Data" is something for you to decide. But before that, have you looked at Vista? That is where all of this will matter to you.

I actually meant "Application Data".
No I have not yet looked at Vista. (I didn't renew our MSDN license last year as we are switching all servers to Linux, MySQL, etc.)

Ted.

 


Topic: Re: Configuration for Windows Limited Users (3 of 6), Read 28 times
Conf: Installation, Configuration
From: Ted Green
Date: Thursday, April 13, 2006 11:51 AM

At 06:22 AM 4/13/2006, you wrote:
>Why am I running as User? To help improve my security.
> See Aaron Margosis' excellent work at:
>http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
>
>and the White Paper: http://go.microsoft.com/fwlink/?LinkId=58445

More observations:

1. If you can spare an old computer, install 2 NIC cards and the freeware "IPCop.org" firewall on it. This will eliminate nearly all security attacks.
For our anti-spam work I personally visit 100+ spammer, hacker, etc websites a day, never have anti-virus running and have never gotten infected.

2. If you cannot run a dedicated hardware firewall, at least use a good software firewall like ZoneAlarm. The WinXP built-in firewall is nearly useless.

3. The new Microsoft "Live OneCare" (beta) has a much better firewall (it finally blocks outgoing connections). BTW - This paid subscription service has anti-virus and cleanup/optimization tools. Its too new to fully evaluate /compare to other products.

4. The Microsoft anti-spyware (now called Windows Defender Beta 2) is free and highly recommended for its "active" protection.

5. PC Tools "Spyware Doctor" is the best spyware scanning/removal tool.
(I prefer Windows Defender for active protection, especially since I keep active anti-virus turned off.)

Ted.

 


Topic: Re: Configuration for Windows Limited Users (4 of 6), Read 29 times
Conf: Installation, Configuration
From: Dave English
Date: Tuesday, April 18, 2006 06:21 AM

On 4/13/2006 11:51:30 AM, Ted Green wrote:
>At 06:22 AM 4/13/2006, you
>wrote:
>>Why am I running as User? To help improve my security.
>> See Aaron Margosis' excellent work at:
>>http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
>>
>>and the White Paper: http://go.microsoft.com/fwlink/?LinkId=58445
>
>More observations:
>
>1. If you can spare an old
>computer, install 2 NIC cards
>and the freeware "IPCop.org"
>firewall on it. This will
>eliminate nearly all security
>attacks.
>For our anti-spam work I
>personally visit 100+ spammer,
>hacker, etc websites a day,
>never have anti-virus running
>and have never gotten
>infected.

Thanks, yes, I know of IPcop.

>2. If you cannot run a
>dedicated hardware firewall,
>at least use a good software
>firewall like ZoneAlarm. The
>WinXP built-in firewall is
>nearly useless.

Yes, I use Kerio.

>3. The new Microsoft "Live
>OneCare" (beta) has a much
>better firewall (it finally
>blocks outgoing connections).
>BTW - This paid subscription
>service has anti-virus and
>cleanup/optimization tools.
>Its too new to fully evaluate
>/compare to other products.

I use NAV, which is our corporate standard & for which we have a group licence.

>4. The Microsoft anti-spyware
>(now called Windows Defender
>Beta 2) is free and highly
>recommended for its "active"
>protection.
>
>5. PC Tools "Spyware Doctor"
>is the best spyware
>scanning/removal tool.
>(I prefer Windows Defender for
>active protection, especially
>since I keep active anti-virus
>turned off.)

Thankfully, I have so far avoided Spyware by sensible browsing (omstly firefox) & restrictive IE zones.

LUA is a good general practice that tends to keep protection within my control. Few Unix owners would want to run all day everyday as "root", browsing all that the Internet has to offer & relying on proprietary third party products for security.

Thanks anyway