Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

aDVll

Weird. My internet explorer created the Browser folder that has access to it. I think this is the intended function. You don't have a browser folder?


HJLBX

Quote from: aDVll on April 15, 2016, 11:40:54 AM
Weird. My internet explorer created the Browser folder that has access to it. I think this is the intended function. You don't have a browser folder?



I have browser folder.

Try to save file to C:\ReHIPS using Cyberfox, Access is Denied.  I have identical configurations for both IE and Cyberfox isolated environments - set up Cyberfox access to C:\ReHIPS identical to that of Internet Explorer.

aDVll

Permissions only allow administrator to write in C:\ReHIPS. When you launch an application isolated it doesn't have admin rights so it can't write there. The Browser folder on the other hand can be written by normal users that's why it works.

HJLBX

Quote from: aDVll on April 15, 2016, 12:10:29 PM
Permissions only allow administrator to write in C:\ReHIPS. When you launch an application isolated it doesn't have admin rights so it can't write there. The Browser folder on the other hand can be written by normal users that's why it works.

Thanks.  Fumbling about trying out how the file system access rights and access works with ReHIPS.

aDVll

What i don't understand is why i can't access the files from an isolated app if i give it access from permission tab in the gui.
For example i give permission to C:\Users\Admin\test pic for Firefox(isolated). When i open firefox and try to browse to that account folder i don't see it. Any idea why it's happening?

fixer

ReHIPS folder was designed to contain auto-installed subfolders. It wasn't designed for subfolders to be created manually. So current access rights may pose a problem for this. It will be redesigned in this release to support both auto and manually created folders.

Quote from: aDVll on April 15, 2016, 12:25:27 PM
What i don't understand is why i can't access the files from an isolated app if i give it access from permission tab in the gui.
For example i give permission to C:\Users\Admin\test pic for Firefox(isolated). When i open firefox and try to browse to that account folder i don't see it. Any idea why it's happening?
There was some discussion about it here, maybe it'll help.
Quote from: fixer on April 14, 2016, 01:38:33 PM
If you have Copy User Data flag set, it's possible. For example you have C:\Users\HJLBX\Pictures\picture.bmp you wish to open in isolated Paint. You start isolated Paint (don't forget to set Copy User Data flag), File-Open menu, navigate to C:\Users\ReHIPSUserX\Pictures (Paint isolated ReHIPS User) or C:\Users\HJLBX\Pictures (doesn't matter which one as the latter will be redirected to the former), type picture.bmp as File name and click Open. Yes, you might not see this file in the list of files in folder as it hasn't been copied to the isolated environment yet. But when you enter the file name and try to open it, it'll be copied and successfully opened.

aDVll

Yes i saw that but unfortunately i still don't understand. I understand how the copy user data works but what is the use of permission tab if it's not to give permission to main account folders? This is what i don't understand.

QuoteIn other words you can block or allow an access to some folder, file or registry entry for all programs in this isolated environment.

In help file it's saying the quote msg above. So i opened a file and still can't access it. Obviously i am missing something and would like some help.

crasher

Quote from: HJLBX on April 15, 2016, 02:28:20 AM
Is there any way to optimize the alerts so that multiple alerts do not appear all at one time ?

This commonly occurs during program installations.

It has never caused a problem in my experience, but some users complain about HIPS that permit a flurry of alerts to appear all at once.

I suppose it causes confusion and\or the user might worry that it will cause errors, problems, failed installs, etc - if they respond to the alerts out-of-sequence with the actual run sequence (asynchronous response to alerts).

Thanks for your suggestion. We'll think of something in one of the following releases.

fixer

Quote from: aDVll on April 15, 2016, 12:55:44 PM
what is the use of permission tab if it's not to give permission to main account folders? This is what i don't understand.
Permission tab was designed to control access rights to any file/folder except real user profile folder. Real user profile folder is a special folder that is treated specially, any access to it is always redirected to ReHIPS user profile folder. Any other file or folder access is controlled by permission tab.

HJLBX

Quote from: fixer on April 15, 2016, 01:21:31 PM
Quote from: aDVll on April 15, 2016, 12:55:44 PM
what is the use of permission tab if it's not to give permission to main account folders? This is what i don't understand.
Permission tab was designed to control access rights to any file/folder except real user profile folder. Real user profile folder is a special folder that is treated specially, any access to it is always redirected to ReHIPS user profile folder. Any other file or folder access is controlled by permission tab.

So, if I understand correctly, access rights to folders\files in Isolated Enviornment control panel is for ReHIPSUser profile only.

The only exception to this is C:\ReHIPS sub-folders.

Can user add sub-folders manually to C:\ReHIPS without any issues - for example - Pictures folder ?

aDVll

Quote from: fixer on April 15, 2016, 01:21:31 PM
Quote from: aDVll on April 15, 2016, 12:55:44 PM
what is the use of permission tab if it's not to give permission to main account folders? This is what i don't understand.
Permission tab was designed to control access rights to any file/folder except real user profile folder. Real user profile folder is a special folder that is treated specially, any access to it is always redirected to ReHIPS user profile folder. Any other file or folder access is controlled by permission tab.
Nice. It's completely clear now. Maybe i missed that real user profile folder is excluded from that permission tab but if i didn't miss and it's not in the help file you can maybe add it.

@HJLBX I think access rights to folders\files in Isolated Enviornment control panel is for anything except real user profile folders.

fixer

Quote from: HJLBX on April 15, 2016, 01:32:32 PM
So, if I understand correctly, access rights to folders\files in Isolated Enviornment control panel is for ReHIPSUser profile only.
You can set access rights to any files and folders except real user profile folder. Actually you can set access rights there too, but they won't matter as redirection is in effect. I think, we'll add error for this, added to our TODO list.

Quote from: HJLBX on April 15, 2016, 01:32:32 PM
Can user add sub-folders manually to C:\ReHIPS without any issues - for example - Pictures folder ?
Right now ReHIPS folder isn't designed for the subfolders to be created manually. But I'll fix this in this release.

HJLBX

Is it possible to configure browser - media player such that when download movie, the media player will open inside a completely different ReHIPSUser - but access the movie data downloaded to browser ReHIPSUser ?

In other words, create a movie data pipe between two independent ReHIPSUsers ?

Umbra

Quote from: HJLBX on April 16, 2016, 04:22:58 AM
Is it possible to configure browser - media player such that when download movie, the media player will open inside a completely different ReHIPSUser - but access the movie data downloaded to browser ReHIPSUser ?

In other words, create a movie data pipe between two independent ReHIPSUsers ?

You can already by navigating from the media player's "open files" function and then access the other ReHIPSUser folders.

fixer

Quote from: umbrapolaris on April 16, 2016, 06:34:45 AM
You can already by navigating from the media player's "open files" function and then access the other ReHIPSUser folders.
You're right, it should work, but only if media player runs unisolated from the real user. As ReHIPS grants the real user access to C:\ReHIPS folder and ReHIPS users profile folders for the user convenience.

Quote from: HJLBX on April 16, 2016, 04:22:58 AM
Is it possible to configure browser - media player such that when download movie, the media player will open inside a completely different ReHIPSUser - but access the movie data downloaded to browser ReHIPSUser ?

In other words, create a movie data pipe between two independent ReHIPSUsers ?
By default isolated environments don't have any access to each other folders. If you don't want to copy/move the file there are 2 ways to get this working. You can grant your media player access to the Browser folder in the permissions tab (read access should be enough, I suppose). Or you can set "Open file access" media player option (read access should be enough again) and use double-click to open the file.