locked
Saving file on C: in Windows Vista RRS feed

  • Question

  • Hi

     
    I have a problem with some legacy application which I would like to run on Windows Vista (as non-admin user of course). Unfortunately this app. tries to save file in the root directory (C:\) First, on fresh Vista installation I tried to set necessary permissions to user account who will use given PC, but after this, application still failed. I figured out that I'm not able to create new file in root directory even from Windows Explorer. I read about this problem a little and some people suggest to disable UAC - I did it but the issue didn't disappear - I'm still not able save file on C: as non-administrator. Process Monitor shows result "PRIVILEGE NOT HELD", Windows Explorer shows message with error code "0x80070522" which means the same. Have you got some idea - what mistery force don't let to save file even if "Effective Permissions" shows that I should be able to do this and UAC is disabled?
     
    Thanks for help
    Marcin
    Thursday, February 14, 2008 10:38 AM

Answers

  • Hi Marcin,

    Please run "gpedit.msc" to open GPO editor, navigate to "Computer Configuration" - "Windows Setting" - "Security Settings" - "Local Policies" - "Security Options", disable the relevant UAC settings, then restart the settings, try to create files on C driver.

    --------------------
    Regards,
    Eric Zhang
    Microsoft Online Community Support




    Wednesday, February 20, 2008 9:40 AM

All replies

  • Hi Marcin,

    That is by design and is a function of User Account Control (UAC) and the
    ACL on the root of the drive. The ACL permits only Administrators and System
    from writing files to the root of the drive. UAC means that even if you are a
    member of the Administrator's group you do not run as an administrator unless
    you elevate.

    If you really want to, you can launch whatever process you use to write the
    files with as an administrator and then you can write there. If you try to
    drag and drop a file there you get an elevation prompt. The recommended
    solution is to not store data there though.

    or

     

    If you really are adamant about storing files in the root of the C: and you do not want to
    elevate each time, you can resolve the situation by adding an access control
    list entry for your account to the root of the drive, as follows:
    1. Click the Window button:All Programs:Accessories
    2. Right-click on Command Prompt
    3. Select Run as administrator and accept the prompt
    4. Run this command: icacls c:\ /grant foo (OI)(CI)(M)

    That will grant the user foo modify permissions on c:\. All objects (OI) and
    containers (CI) will inherit those permissions. You would need to replace foo
    with the name of your user account.

    Once you do that any application you run as user foo will be able to store
    data in the root of the C: drive. You will also have losened a default
    security setting, with all the caveats that entails.


    --------------------
    Regards,
    Eric Zhang
    Microsoft Online Community Support





    Tuesday, February 19, 2008 9:59 AM
  •  

    Hi Eric, thanks for your response.

     

    But the problem still exist - that means, first I've disabled UAC (via MSConfig tool), next I've added permissions to C:\ for specified user (by Windows Explorer, C: properties, Security tab). User was not able to save on C:. Now I've done command which you wrote in your message (icacls), but it changed nothing. I try to create file on C: in Windows Explorer - get the error 0x80070522. Open Notepad and save file on C: - message: "Client doesn't have permissions". You know, that's not it I'm adamant about saving in root directory, but I just like to know how the things work Smile I've made even similar test on Win XP and after adding permissions on C: for simple user, he/she is able to save file there. So it looks like UAC mechanism on Vista is not completely disabled and it still guards system folders, even if permissions are OK. Any more idea?

     

     

    Regards
    Marcin

    Tuesday, February 19, 2008 4:19 PM
  • Hi Marcin,

    Please run "gpedit.msc" to open GPO editor, navigate to "Computer Configuration" - "Windows Setting" - "Security Settings" - "Local Policies" - "Security Options", disable the relevant UAC settings, then restart the settings, try to create files on C driver.

    --------------------
    Regards,
    Eric Zhang
    Microsoft Online Community Support




    Wednesday, February 20, 2008 9:40 AM

  • Hi Marcin,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.

    If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks!
    --------------------
    Regards,
    Eric Zhang
    Microsoft Online Community Support

    Monday, February 25, 2008 5:58 AM
  • There's a simpler answer. From an elevated cmd prompt, run:

    icacls c:\ /setintegritylevel M

    ... now you can write to c:\ !!
    Wednesday, November 12, 2008 1:17 PM
  • I know this thread is old, but since people (like me) might dump into it while searching the interwebs years later, here is a description of what might cause "Privilege not held":

    http://chentiangemalc.wordpress.com/2011/12/05/case-of-the-internet-favourite-that-couldnt-be-added/

    Seems to me that

    icacls c:\ /setintegritylevel (OI)(NP)(IO)M:(NW)

    will give Medium integrity processes write access to C:\

    But anyone considering running this on their machine(s) should probably first check out other possible solutions (change the c:\ path to something else, App-V, a shim...)

    Thursday, May 24, 2012 12:49 PM