Full functions in Limited user account

Ideas for enhancements to the software
Post Reply
NoMalware
Posts: 15
Joined: Thu Dec 11, 2008 12:43 pm

Full functions in Limited user account

Post by NoMalware » Tue Jan 13, 2009 12:17 pm

"Delete Invocation", "Automatically delete contents of sandbox" currently does not work in a Windows XP Limited Account. It would be great if SbieCntl.exe could function the same in a Limited user account as it does an an Administrator user account.
Top
user

Post by user » Tue Jan 13, 2009 1:11 pm

1) check that Secondary logon service is enabled
(use Admin account if needed to modify)

2) play with Run As... property
(as program and/or as service)

3) be happy
(keep smiling - it makes people angry))
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Jan 13, 2009 7:11 pm

I don't know why it should work, except perhaps your C:\Sandbox folder (or any folder within it) is not writable by non-Administrators? Try to use

From your limited account, try this:

Sandboxie Control > Sandbox menu > Set Container Folder
Select some other location, such as C:\SandboxTest

Experiment with the sandbox delete functions to see if they work after this change.
tzuk
Top
NoMalware
Posts: 15
Joined: Thu Dec 11, 2008 12:43 pm

Post by NoMalware » Tue Jan 13, 2009 10:48 pm

Thank you tzuk. I will try that. As you know, in a limited account, you have write access at the root of the C:\drive by default. There is a catch however, you have to have a folder first to write into then files can be wriiten into that folder. Files all alone will not write on the root. In a limited account, C:\Sandbox is writable, but the contents are not deletable. As soon as I give sbiectrl.exe admin rights, the contents delete normally. The folders left behind inside look like this: delete_randomcharacters
Top
;)

Post by ;) » Wed Jan 14, 2009 4:22 am

@NoMalware tzuk gave you a tip to troubleshoot the issue via owner ID (NTFS thinks who CREATES a file/folder that have FULL access to it).

By default the root and Program Files dirs are under Admin full control, but users have LIMITED access (e.g. READ ONLY)

So, you can -
a ) create your own new folder and assign it in Sandboxie
b ) go under Admin and set necessary access right of the folder for user (or grant full access)
c ) find other brainsqeezing solution

Good luck.
Top
wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Wed Jan 14, 2009 11:12 am

Actually, if you delete the root Sandbox folder, Sandboxie recreates it with full access for the Everyone group. So just try removing it completely and see how it goes from there.
Top
NoMalware
Posts: 15
Joined: Thu Dec 11, 2008 12:43 pm

Post by NoMalware » Wed Jan 14, 2009 9:44 pm

Actually it's not "Everyone" but "Authenticated Users" with "Special Permissions" and "Allow" checked.
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Jan 15, 2009 8:29 am

That's correct, NoMalware. I just recently changed that from Everyone to Authenticated Users.
tzuk
Top
Post Reply

Return to “Feature Requests”

Who is online

Users browsing this forum: No registered users and 1 guest