EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ReparseFileNameRules ignored for certain processes

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#20760
Posted: 07/11/2012 10:11:28
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

We use ReparseFileNameRule to redirect access to folders to a path on another drive.

According to procmon the reparse rules seem to be ignored by processes running in NT-Authority\SYSTEM account, e.g. svchost.exe and System.

Does ReparseFileName only work for processes running in the user's account?
#20764
Posted: 07/11/2012 11:34:07
by gavind (Basic support level)
Joined: 07/11/2012
Posts: 1

+1. I'm looking for the same answer.


Two for the Money
#20765
Posted: 07/11/2012 11:49:49
by Vladimir Cherniga (EldoS Corp.)

Quote
Does ReparseFileName only work for processes running in the user's account?

No, it doesn't. We will check this issue asap.
#20769
Posted: 07/11/2012 12:20:02
by Vladimir Cherniga (EldoS Corp.)

Made a simple test with notepad running under NT-Authority\SYSTEM account. Reparse rule works as expected. How can i reproduce the problem ?
#20772
Posted: 07/11/2012 15:54:54
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

Two things did not work when we use the reparse paths:

- we can't mount TrueCrypt containers in a reparse path (the .tc-file is stored in a reparsed path)
- running an executable from a reparsed path that shows a UAC popup doesn't work (e.g. double-click on an installer file)

Both times a "file not found" error comes up.
#20773
Posted: 07/11/2012 17:52:36
by Vladimir Cherniga (EldoS Corp.)

Quote
- running an executable from a reparsed path that shows a UAC popup doesn't work (e.g. double-click on an installer file)

Could you explain in more details, how to reproduce this case.
#20774
Posted: 07/11/2012 23:39:04
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

- add a reparse rule c:\test\*.* -> d:\test\*.*

- put a regular executable (notepad.exe) on d:\test\notepad.exe
-> running c:\test\notepad.exe works

- put an executable that need admin rights (e.g. Sysinternals procmon.exe) on d:\test\procmon.exe
-> running c:\test\procmon.exe should show UAC on Windows 7, but shows "file not found" instead.
#20785
Posted: 07/16/2012 03:48:12
by Vladimir Cherniga (EldoS Corp.)

Quote
-> running c:\test\procmon.exe should show UAC on Windows 7, but shows "file not found" instead.

What settings for UAC did you use ? With a default settings it is not reproducible. But i used a reparse rule withing the same local disk, like this c:\1\*.* -> c:\2\*.* Does it mandatory to set rule on different volumes in order to reproduce the problem ?
#20816
Posted: 07/18/2012 04:52:06
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

It happens when we use default UAC settings (so I'm logged in as an administrator, but when I click procmon.exe usually the UAC popup comes up and I have to confirm that I want to proceed)

We use mapping to a CbFs drive which is mapped as a network drive - you could check our last helpdesk ticket to see our environment.
#20878
Posted: 07/24/2012 15:26:17
by Vladimir Cherniga (EldoS Corp.)

Quote
It happens when we use default UAC settings (so I'm logged in as an administrator, but when I click procmon.exe usually the UAC popup comes up and I have to confirm that I want to proceed)

Does it reproducible with a cbfs Mapper sample, creating network mounting point with a drive letter and cbfilter with a reparse rule added as described in your previous post ? In my tests they work without errors.
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 3309 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!