Windows 8.1 and TC in admin mode problem

[Tass]

If TC has been executed as admin, you can't drag and drop files to TC, i mean from Windows Explorer to TC. Can it be fixed within TC?

[Horst.Epp]

Nothing has to be fixed.
That is a security feature of Windows.
You can't drop files from a normal application into a priviledged one.

[Tass]

Can TC have an option to bypass this security feature?

Please move someone move it to the proper forum (TC Suggestions).

[Horst.Epp]

Can TC have an option to bypass this security feature?

Please move someone move it to the proper forum (TC Suggestions).

You don't understand !
This can be any suggestion as it is an intrinsic and importand Windows feature
which can't be changed.
Don't start TC as admin and you have no such problems.
And don't tell us that all your work needs admin rights.

[Tass]

Ok first thing, are you part of TotalCommander staff? I doubt it.

I would like to know if the person talking to me like that is part of the staff or just a forum user with attitude problems and an overuse of bold writing.

Who are you to tell me if i need or want to use TC as admin 24/7? If it can't be implemented or staff don't want to implement it, they just have to say it politely, not in the way you do.

Second, I understand what you say perfectly, that's why i ask if it can be added as a new feature.

This is not a problem in Windows 7 where you just disable UAC and is solved, but in Windows 8 disabling UAC doesn't really disable it because all admin accounts are executed in Admin Approval Mode, and if you want to really disable UAC you have to disable Admin Approval Mode via secpol.msc, only after that you can drop files on a elevated TC instance.

So my question still stands, can it be implemented in TC so it can recive files droped from a non elevated window without disabling Admin Approval Mode?

Please Horst.Epp, ignore me, and let some TC staff answer me.

Thanks.

Can TC have an option to bypass this security feature?

Please move someone move it to the proper forum (TC Suggestions).

You don't understand !
This can be any suggestion as it is an intrinsic and importand Windows feature
which can't be changed.
Don't start TC as admin and you have no such problems.
And don't tell us that all your work needs admin rights.

[sqa_wizard]

Please Horst.Epp, ignore me, and let some TC staff answer me

If you don't want to talk to forum members, why do you post anything here? Send it directly per mail to the "single person staff".

You are new to the forum, but please stop bugging valuable forum members. That's not the way to say hello the polite way.

[Tass]

I value every forum member that post to help in a polite way, i just don't like people who thinks they are better than others because their post count is higher. This is a support forum, not a fan site.

I did not bug anyone, if fact, he did bug me with his two arrogant answers.

Lets stop spaming a support forum, if I have a question I will post it politely and if any member can help he can answer the same way, the rest is just spam.

All i need to know is if TC can build a new feature to bypass that Windows security measure, because if you are using Windows 8, you can't even change Total Commander options without launching it with administrator rights unless you install it in a non default folder.

Please Horst.Epp, ignore me, and let some TC staff answer me

If you don't want to talk to forum members, why do you post anything here? Send it directly per mail to the "single person staff".

You are new to the forum, but please stop bugging valuable forum members. That's not the way to say hello the polite way.

[Dalai]

All i need to know is if TC can build a new feature to bypass that Windows security measure

No, of course not! If there would be a way to bypass this feature it wouldn't make any sense, would it?

because if you are using Windows 8, you can't even change Total Commander options without launching it with administrator rights unless you install it in a non default folder.

That's just nonsense. TC will save wincmd.ini in "%AppData%\Ghisler" on Vista and higher and any user can write to that folder since it's in the user's home directory.

Regards
Dalai

PS: UAC can be disabled completely on Win7 as well as on Win8(.1). Just google for EnableLUA.

[sqa_wizard]

you can't even change Total Commander options without launching it with administrator rights unless you install it in a non default folder.

This is another security feature to understand:
You never need to change a program itself but it settings only.
Therefore windows protects the program folder against manipulation and saves the settings into the users folder.

So does TC by default at first installation ( ini file at users profile or All Users profile if you like )
If you really don't want to split program and settings, don't choose a protected folder as install destination.

[Tass]

All i need to know is if TC can build a new feature to bypass that Windows security measure

No, of course not! If there would be a way to bypass this feature it wouldn't make any sense, would it?

It can be turned off, so I was just asking if it could be aswell bypassed. I also think it can't be done, but i'm no programmer. No harm done asking.

because if you are using Windows 8, you can't even change Total Commander options without launching it with administrator rights unless you install it in a non default folder.

That's just nonsense. TC will save wincmd.ini in "%AppData%\Ghisler" on Vista and higher and any user can write to that folder since it's in the user's home directory.

That's just one of the two installation directories, the other one is to put the INI files in same folder than the program, this way is easier to back it up and copy the whole program in just one directory, then, you won't be able to write there unless you are administrator in Windows 8.

PS: UAC can be disabled completely on Win7 as well as on Win8(.1). Just google for EnableLUA.

I never said it can't be disabled, i said i can't be disable in the same way we used to do in Windows 7 by moving the UAC slider to the bottom. You need to edit Sec Policies to disable it in W8.

Do you use Windows 8? If you do, you can try this to see my point, in Windows 8 when you disable UAC in the UAC disable menu, you just disable de notifications, but the protection is still on in many ways.

Just try this to see what i mean, METRO apps can't run if UAC is off. Turn your UAC off and then try to run Weather or any other metro app, it will work. Try to make a directory in C:\Windows\System32, you won't be able unless you do it with admin rights. That is a UAC feature, Admin Aproval Mode.

Now launch Local Security Policies editor (secpol.msc) and search for Local Policies/Security Options and disable "User Account Control: Run all administrators in Admin Approval Mode". Only now UAC will be completely disabled for administrators, you will be able to write in protected folders without confirmation and metro apps won't work with the warning "can't run with UAC off".

[Tass]

Thanks Wizard, i understand that. But in Windows 7 it wasn't a problem but with Win8 it is.

I guess I will have to chose between disabling Admin Aproval Mode or not droping files in TC, as runing TC without admin rights in Windows 8 is not what I need. And as you say, it can't be solved within TC.

Thanks.

you can't even change Total Commander options without launching it with administrator rights unless you install it in a non default folder.

This is another security feature to understand:
You never need to change a program itself but it settings only.
Therefore windows protects the program folder against manipulation and saves the settings into the users folder.

So does TC by default at first installation ( ini file at users profile or All Users profile if you like )
If you really don't want to split program and settings, don't choose a protected folder as install destination.

[Dalai]

It can be turned off

No, it can't. You can try it for yourself (no matter if UAC is on): just run one TC instance as regular user and another TC instance as another user (I don't mean "Run As Administrator" but "Run As a different user"): you can't drag'n'drop files between those two processes even if both users have administrative privileges.

That's just one of the two installation directories, the other one is to put the INI files in same folder than the program, this way is easier to back it up and copy the whole program in just one directory, then, you won't be able to write there unless you are administrator in Windows 8.

Yeah, so? That's the case since Win2k. BTW: You can set permissions on wincmd.ini (and other files if necessary) so it can be written to by normal users. That way you won't need to run TC as admin.

Regards
Dalai

[Tass]

How can you say it can't? Maybe you should say "i don't know how" instead of it can't...

I never said anything about two different users, this is about droping a file from a user desktop to the same user TC window with admin rights.

https://vid.me/yUbh

That's a video with it turned off via secpol, TC been executed as admin, and then a text file been droped from desktop to TC. And for you to see that TC is executed as admin, then I run a cmd window where you can read "administrador" (administrator in Spanish) in it. The reason for what TC doen't show user^- Total... in the tittle bar is because once you disable UAC/AAM it never shows no matter how you start it.

It can be turned off

No, it can't. You can try it for yourself (no matter if UAC is on): just run one TC instance as regular user and another TC instance as another user (I don't mean "Run As Administrator" but "Run As a different user"): you can't drag'n'drop files between those two processes even if both users have administrative privileges.

[Dalai]

How can you say it can't? Maybe you should say "i don't know how" instead of it can't...

This security feature can't be turned off because it would be pointless in that case.

I never said anything about two different users, this is about droping a file from a user desktop to the same user TC window with admin rights.

So? It's the same thing to elevate TC with UAC turned on as running two processes with different users (that both have administrative privileges)!

That's a video with it turned off via secpol, TC been executed as admin, and then a text file been droped from desktop to TC. And for you to see that TC is executed as admin, then I run a cmd window where you can read "administrador" (administrator in Spanish) in it. The reason for what TC doen't show user^- Total... in the tittle bar is because once you disable UAC/AAM it never shows no matter how you start it.

So your TC is running with the same privileges (more precisely: the same security token) as Explorer does so this security feature doesn't apply! It's not disabled!

Regards
Dalai

[Tass]

You are talking about a different thing Dalai, you switch subject as it fits you...

I said there is a security measure that avoids a normal explorer instance to drop an item on a elevated TC instance.

I said that problem can be disabled, by turning off AAM, so you can drop an item from desktop to TC.

You said it can't be done.

I proved it can be done with that video.

Now you start talking about security tokens, of course both processes Explorer and TC run the same token after disabling AAM, that's the point, there is a way to make both run the same token so they can share items. The security measure we disable here is the one that assigns different tokens to desktop and elevated instances, not the imposibility to share items between different users, of course.

We were talking just and simply about droping an item from desktop to TC admin window. Don't lecture me about Windows security features that we are not discussing here, i will repeat it to you, this was all about droping an item from desktop to admin TC, you said the security measure couldn't be disabled so it can be droped, and i proved you it can be disabled and done.

Anyway, i'm not keeping posting about this matter, no point. Thanks for all your input guys.