How to allow admins to edit my app's config files without UAC elevation?

Justin Grant · Mar 15, 2010

My company produces a cross-platform server application which loads its configuration from user-editable configuration files. On Windows, config file ACLs are locked down by our Setup program to allow reading by all users but restrict editing to Administrators and Local System only.

Unfortunately, on Windows Server 2008, even local administrators no longer have admin privileges (because of UAC) unless they're running an elevated app. This has caused complaints from users who cannot use their favorite text editor to open and save config file changes: they can open the files (since anyone can read) but can't save.

Anyone have recommendations for what we can do (if anything) in our app's Setup to make editing easier for admins on Windows Server 2008?

Related questions: if a Windows Server 2008 admin wants to edit an admins-only config file, how does he normally do it? Is he forced to use a text editor which is smart enough to auto-elevate when elevation is needed, like Windows Explorer does in response to access denied errors? Does he launch the editor from an elevated command-prompt window? Something else?

Answer

Anders Abel · Mar 24, 2010

In my opinion an administrator that doesn't manage to right-click notepad and select "run as administrator" shouldn't be an administrator, but well... in real life there are such administrators around.

UAC works by disabling the administrator group SID in the user's security token until you run a program with elevated privileges. When running in non-elevated mode there is unfortunately no way to utilize the administrative rights.

One workaround, which unfortunately requires a non-trivial amount of work could be to:

  • Create a custom file name suffix for your config file.
  • Create a small application which is registered as the handler for that config file.
  • Mark the small application as requiring elevated privileges (you can do this as you are creating a new application).

The only thing that the small application should do is to locate the registered handler for .txt files in the registry and then use it to open the file - with elevated privileges.
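As an added example (not code from the answer above or from any product), here is what that small launcher could look like in C#. It is built with an application manifest containing `<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />`, so Windows shows the UAC consent prompt before it starts, and is registered under HKCR as the "open" handler for the custom extension. The config directory `C:\ProgramData\MyApp\conf` and the extension `.myappconf` are hypothetical stand-ins for the product's own values. Because the process runs elevated and is reachable from a non-elevated session, it refuses anything that is not one of the product's own config files; otherwise it would hand out an elevated editor on arbitrary paths.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using Microsoft.Win32;

// Example elevating launcher (added here; not from the original post).
// Manifest: <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
// Registration: HKCR\.myappconf -> ProgID; HKCR\<ProgID>\shell\open\command = "<launcher>" "%1"
static class ConfigEditLauncher
{
    // Hypothetical product values: the ACL-restricted config directory and custom extension.
    const string ConfigDir = @"C:\ProgramData\MyApp\conf";
    const string ConfigExt = ".myappconf";

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ConfigEditLauncher <config-file>");
            return 2;
        }

        string path;
        try { path = Path.GetFullPath(args[0]); }   // normalizes "..", relative segments
        catch (Exception) { return 2; }

        // We run elevated, so only open existing files with our extension inside ConfigDir.
        if (!IsProductConfigFile(path))
        {
            Console.Error.WriteLine("refusing: not one of this product's config files");
            return 3;
        }

        string command = LookupTxtOpenCommand();
        if (command == null)
        {
            Console.Error.WriteLine("no 'open' handler registered for .txt");
            return 4;
        }

        Process.Start(BuildStartInfo(command, path));   // child inherits the elevated token
        return 0;
    }

    static bool IsProductConfigFile(string fullPath)
    {
        string dir = Path.GetFullPath(ConfigDir).TrimEnd('\\') + "\\";
        return fullPath.StartsWith(dir, StringComparison.OrdinalIgnoreCase)
            && string.Equals(Path.GetExtension(fullPath), ConfigExt, StringComparison.OrdinalIgnoreCase)
            && File.Exists(fullPath);
    }

    // HKCR\.txt (default value) names a ProgID, normally "txtfile";
    // HKCR\<ProgID>\shell\open\command (default value) is the command line,
    // e.g. %SystemRoot%\system32\NOTEPAD.EXE %1
    static string LookupTxtOpenCommand()
    {
        using (RegistryKey ext = Registry.ClassesRoot.OpenSubKey(".txt"))
        {
            string progId = ext?.GetValue(null) as string;
            if (string.IsNullOrEmpty(progId)) return null;
            using (RegistryKey cmd = Registry.ClassesRoot.OpenSubKey(progId + @"\shell\open\command"))
            {
                string value = cmd?.GetValue(null) as string;
                return string.IsNullOrEmpty(value) ? null : Environment.ExpandEnvironmentVariables(value);
            }
        }
    }

    // Splits the command into executable and arguments (quoted or up to the first space)
    // and substitutes the target file for %1, quoting it so spaces in the path survive.
    static ProcessStartInfo BuildStartInfo(string command, string filePath)
    {
        command = command.Trim();
        string exe, args;
        int close = command.StartsWith("\"") ? command.IndexOf('"', 1) : -1;
        if (close > 0)
        {
            exe = command.Substring(1, close - 1);
            args = command.Substring(close + 1).Trim();
        }
        else
        {
            int space = command.IndexOf(' ');
            exe = space < 0 ? command : command.Substring(0, space);
            args = space < 0 ? "" : command.Substring(space + 1).Trim();
        }

        string quoted = "\"" + filePath + "\"";
        if (args.Contains("\"%1\"")) args = args.Replace("\"%1\"", quoted);
        else if (args.Contains("%1")) args = args.Replace("%1", quoted);
        else args = (args + " " + quoted).Trim();

        return new ProcessStartInfo(exe, args) { UseShellExecute = false };
    }
}
```

Two things to keep in mind with this approach: the HKCR lookup returns the system-wide association for .txt, not a per-user "Open with" choice stored under HKCU, so the editor that opens may differ from the one Explorer would pick for the same admin; and the editor is started with the launcher's elevated token, which is exactly why the path check above is not optional.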