EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ReparseFileNameRules ignored for certain processes

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#20760
Posted: 07/11/2012 10:11:28
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

We use ReparseFileNameRule to redirect access to folders to a path on another drive.

According to procmon the reparse rules seem to be ignored by processes running in NT-Authority\SYSTEM account, e.g. svchost.exe and System.

Does ReparseFileName only work for processes running in the user's account?
#20764
Posted: 07/11/2012 11:34:07
by gavind (Basic support level)
Joined: 07/11/2012
Posts: 1

+1. I'm looking for the same answer.


Two for the Money
#20765
Posted: 07/11/2012 11:49:49
by Vladimir Cherniga (EldoS Corp.)

Quote
Does ReparseFileName only work for processes running in the user's account?

No, it doesn't. We will check this issue asap.
#20769
Posted: 07/11/2012 12:20:02
by Vladimir Cherniga (EldoS Corp.)

Made a simple test with notepad running under NT-Authority\SYSTEM account. Reparse rule works as expected. How can i reproduce the problem ?
#20772
Posted: 07/11/2012 15:54:54
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

Two things did not work when we use the reparse paths:

- we can't mount TrueCrypt containers in a reparse path (the .tc-file is stored in a reparsed path)
- running an executable from a reparsed path that shows a UAC popup doesn't work (e.g. double-click on an installer file)

Both times a "file not found" error comes up.
#20773
Posted: 07/11/2012 17:52:36
by Vladimir Cherniga (EldoS Corp.)

Quote
- running an executable from a reparsed path that shows a UAC popup doesn't work (e.g. double-click on an installer file)

Could you explain in more details, how to reproduce this case.
#20774
Posted: 07/11/2012 23:39:04
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

- add a reparse rule c:\test\*.* -> d:\test\*.*

- put a regular executable (notepad.exe) on d:\test\notepad.exe
-> running c:\test\notepad.exe works

- put an executable that need admin rights (e.g. Sysinternals procmon.exe) on d:\test\procmon.exe
-> running c:\test\procmon.exe should show UAC on Windows 7, but shows "file not found" instead.
#20785
Posted: 07/16/2012 03:48:12
by Vladimir Cherniga (EldoS Corp.)

Quote
-> running c:\test\procmon.exe should show UAC on Windows 7, but shows "file not found" instead.

What settings for UAC did you use ? With a default settings it is not reproducible. But i used a reparse rule withing the same local disk, like this c:\1\*.* -> c:\2\*.* Does it mandatory to set rule on different volumes in order to reproduce the problem ?
#20816
Posted: 07/18/2012 04:52:06
by Bernd Kammerberger (Standard support level)
Joined: 04/27/2012
Posts: 7

It happens when we use default UAC settings (so I'm logged in as an administrator, but when I click procmon.exe usually the UAC popup comes up and I have to confirm that I want to proceed)

We use mapping to a CbFs drive which is mapped as a network drive - you could check our last helpdesk ticket to see our environment.
#20878
Posted: 07/24/2012 15:26:17
by Vladimir Cherniga (EldoS Corp.)

Quote
It happens when we use default UAC settings (so I'm logged in as an administrator, but when I click procmon.exe usually the UAC popup comes up and I have to confirm that I want to proceed)

Does it reproducible with a cbfs Mapper sample, creating network mounting point with a drive letter and cbfilter with a reparse rule added as described in your previous post ? In my tests they work without errors.
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 3744 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!