OT-ish ALL APPLICTION PACKAGES/ALL RESTRICTED APPLICATION PACKAGES

Started by jtrask, March 17, 2017, 07:28:15 AM

Previous topic - Next topic

jtrask

My mouth has written checks that I can't cash.  I thought it would be a breeze to set Adobe Acrobat Reader as the default PDF viewer on our Windows 10 systems.  Ugh.

I'm close, but I haven't successfully, via Winbatch, overwritten or modified C:\Windows\System32\OEMDefaultAssociations.xml.  The ALL APPLICATION PACKAGES and ALL RESTRICTED APPLICATION PACKAGES objects are limited to Read & Execute.  It appears that even though I'm running this as the local system, via SCCM, these other permissions trump my full control.

I'm about to try reading in the NTFS permissions on OEMDefaultAssociations.xml, changing them, editing the file, and then changing the permissions back.  All this assuming that there isn't some other Microsoft magic that keeps me from doing that.

I understand why Microsoft would want to keep third parties from tampering with user desktop and configuration, but this is killing me.

td

Are you sure those group permissions are causing your problem?  Those groups are generally used to provide access for Windows Store apps which otherwise run in a highly restricted ghetto all of their own.

A resent discussion of those groups can be found here:

http://forum.winbatch.com/index.php?topic=1804.0
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

jtrask

I modified my script to write file info to a log file before and after copying my file over the original.  Running via WinBatch Studio as me, with elevated permissions, the file in System32 didn't exist, as far as WinBatch was concerned.

I then switched to using a UNC path, for the gathering of file information and the copy and it worked.  Both the file info  collection and the file copy.

td

Quote from: jtrask on March 17, 2017, 08:42:53 AM
I modified my script to write file info to a log file before and after copying my file over the original.  Running via WinBatch Studio as me, with elevated permissions, the file in System32 didn't exist, as far as WinBatch was concerned.

That is because your file only exists in the 64-bit System32 folder.  It does not exist in the 32-bit System32 folder and WinBatch Studio is a 32-bit application.  You need to use "C:\Windows\Sysnative\OEMDefaultAssociations.xml" to be able to view the file from within WinBatch Studio 32-bit or select the Run (X64) menu item or select the X64-bit debugger menu item to switch to the  X64-bit debugger.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade