none
Application get "permission denied" in C:\Users\%username%\AppData\local\Temp dir RRS feed

  • Question

  • I have a very strange security issue with an application used in Windows 10 Pro x64 environment. Using Workgroup.

    When my program want to write to the users temp dir "..\%username%\AppData\local\Temp" i get a "permission denied" from the application. hence my User have Full Permission on both application and folder.

    Program action
    From my program i have a set of GPS coordinates to open Google Earth Pro. This working from several other machines using identical setup. 

    When i tab "show in Google Earth" in my application, it writes an .kml file to ..\temp and the executes it to start Google Earth Pro. But it does not start, as my application gets Access Denied to write in the ..\temp folder.

    TESTS

    If it try to run an .kml file i created manually, it runs Google Earth Pro and shows the location defined as intended. So i know that Google Earth Pro works.

    Application have another function called "print data" this function also leaves the files to print in .\%username%\AppData\local\Temp.
    So i know that my application can write here. Why can't it write/create a new file then? 

    Folder Permission
    In ..\%username%\AppData\local\Temp my user User1 have set security for the user to Full permission. My user can Write/Change/Read and Delete from the ..\Temp folder.

    I have set the following on the ..\Temp folder for User1:
    User1 is set will Full permission to folder, sub folder and file
    User1 is set as Owner on the folder, with inherit of permissions

    Application
    User1 is set to Full permission to run the application, for security to overcome the UAC prompt for administrator all the time

    I am quite stuck here, as the program have Full Permission from the ACL for the user1 both when running the application and in the folders. i don't really know where else to look, when the ACL is set as intended, and works on other machines?!

    Tuesday, June 11, 2019 9:40 AM

All replies

  • "hence" : I do not think it means what you think it means. 

    I find your use of path syntax strange.
    a path "..\" is one up from the current directory, so both 
       ..\%username%\AppData\local\Temp
    and
      ..\Temp
    are probably not the same as 
      C:\Users\%username%\AppData\local\Temp
    You should use %TEMP%, as the user can have changed the default to point to a completely different folder outside of %USERPROFILE%

    "User1 is set to Full permission to run the application, for security to overcome the UAC prompt for administrator all the time" ??
    Depending on the app manifest the application can require elevation regardless of any file system permissions.

    I would use Process Monitor to see what is really accessed and on what action what permission is denied.

    Tuesday, June 11, 2019 1:17 PM