powered by Jive Software

"Run as" an administrator AD bug

I think i came across a bug - I deployed openfire with the spark clients in my company but as the users don’t have the administrative privilages to run the installation files on their desktops I have to install it manuall, from a central location, using “run as” (and my username and password follow).

After the installation is complete, the user logs in and it seems to be fine…however as soon as he tries to add his own avatar - ( Spark->Edit my profile->avatar->browse) suddenly he can browse my documents (administrator’s) instead of theirs!! i believe it’s a serious security issue and i’m actually lucky i saw that happening. The problem is gone only after a user actually logs off from his pc(not only spark) and logs in again.

Is there a patch or something for this problem?

cheers

jacek

Hi,

do you also start Spark as an administrator? I’m quite sure that Spark does not contain any code which allows it to browse files and folder which a normal user can not browse.

LG

No i’m logged on to the pc as a user, locate the installation file on the file server, Run as, install, start the application and login to spark as a user.

When the user logs off from spark and closes the application - after starting it again he can still see my documents not his. He has to log off from windows and login again and only then he can see his own again. i hope it makes sense

It is because you installed it as that user so spark is running as that user. This is a windows thing with the installer program. I have seen it with other apps too. It needs to be installed by the system via an AD software install or by a user with admin rights. The problem is the non-beta mis files do not install with proper privileges to allow spark to run the first time under a non-admin. to get around this I built my own MSI.