Confusing permissions for FOLDERID_PublicDocuments and FOLDERID_ProgramData
In trying to answer a question regarding开发者_如何学Go a folder that a program can write to on any version of windows by limited users, i suggested FOLDERID_ProgramData
and FOLDERID_PublicDocuments
. However, it would seem that not everyone has access to this folder, despite their purpose (ostensibly) being to allow anything to write to them. Why?
I think the idea is that the file owner is given full permissions on those directories, and he can then set who has access to the file.
I'll just try it out now...
...scratch that.
It seems the main set of permissions for regular users is given via the NETWORK and INTERACTIVE built-in security groups. The permissions are tied to the network location of the user (logged in locally or from the network). This is in contrast to the usual practice of granting permissions to the Users and/or Domain Users group.
This also explains why when I tried testing the effective permissions for some user, I got nothing back. (Only the administrator had explicitly defined permissions.)
精彩评论