When notepad is run, I can drag/drop a file to open it, but then it can't save the file. When I run notepad elevated to save the file, I can no longer drag/drop to open the file.
I understand it's a security risk to drag a file from a non-elevated program to an elevated program; however, when I run explorer elevated as well, I still cannot drag/drop to elevated notepad.
Why doesn't the OS allow two elevated programs to exchange information via drag/drop? I'm seriously considering going back to using Windows Server 2003 over this.
Edit: Seems that two elevated programs can exchange info; explorer was just failing to elevate. Once explorer is elevated, files can be dragged from explorer to an elevated notepad.
The inability to "drag and drop" from Explorer to an elevated Notepad window is a manifestation of the user interface privilege isolation (UIPI) feature. It's in the OS to prevent a less-privileged application from sending arbitrary "messages" (in the sense of operating system / application inter-process communication) to another, higher-privileged application. If the higher-privileged application handled a message improperly, it might be possible for the less-privileged application to cause the higher-privileged application to execute arbitrary code on its behalf (these types of attacks are referred to as shatter attacks, so named in a 2002 paper describing the method of attack in then-current versions of Windows).
You can think of it a little bit like a "firewall" between applications running with a lower "integrity level" (unprivileged) and those with a higher integrity level (elevated).
If you REALLY want an elevated Windows Explorer, do the following:
Explorer will re-open elevated.
If you don't want to disable UAC, you could try just disabling UIPI (User Interface Privilege Isolation).
Open regedit and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Add a new DWORD (32-bit) Value called EnableUIPI and set it to 0. Restart the machine and see if it behaves as you want it to.
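To see whether a host has had UIPI switched off this way, the following read-only audit reports the policy values and the integrity level of the current session. It is an added example, not part of any of the posts here; the function names are made up for illustration, and the `EnableLUA` value and the integrity-level SIDs are standard Windows identifiers that the posts do not mention.

```powershell
# Added example: read-only audit of the UIPI/UAC policy values and the
# integrity level of the process running this script.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyDword {
    param([string]$Name)
    # Returns $null when the value is absent, in which case the OS default applies.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-IntegrityLevel {
    # The token carries one mandatory-label SID; map it to a readable name.
    $levels = [ordered]@{
        'S-1-16-16384' = 'System'
        'S-1-16-12288' = 'High (elevated)'
        'S-1-16-8192'  = 'Medium (standard)'
        'S-1-16-4096'  = 'Low'
    }
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    foreach ($sid in $levels.Keys) {
        if ($groups.SID -contains $sid) { return $levels[$sid] }
    }
    'Unknown'
}

$enableUipi = Get-PolicyDword -Name 'EnableUIPI'   # value name as given in the post above
$enableLua  = Get-PolicyDword -Name 'EnableLUA'    # UAC (Admin Approval Mode) switch

$finding = if ($enableUipi -eq 0) {
    'EnableUIPI is set to 0: the isolation between integrity levels has been turned off by policy.'
} elseif ($enableLua -eq 0) {
    'EnableLUA is set to 0: UAC is disabled, so administrator sessions are not split by integrity level.'
} else {
    'No override found: drag/drop from a lower to a higher integrity level is expected to be blocked.'
}

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    IntegrityLevel = Get-IntegrityLevel
    EnableLUA      = if ($null -eq $enableLua)  { 'not set' } else { $enableLua }
    EnableUIPI     = if ($null -eq $enableUipi) { 'not set' } else { $enableUipi }
    Finding        = $finding
} | Format-List
```

Running it once from a normal prompt and once from an elevated one shows the Medium/High split that the drag/drop restriction is based on.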
This was a problem on Vista, and I guess it's made its way to Server 2008 as well. Basically you can't run explorer elevated. You get the security option to do it, and it seems to have worked when you do so, but actually you still end up with a standard (non-elevated) explorer window, hence the problem you're having.
The workarounds I have had to use in the past have involved either using the save as explorer windows in your elevated notepad session, as this is also elevated, or using an elevated command prompt to create files, but none of these will fix your drag and drop issue obviously. It's a pretty crappy bug that's been about for some time; I don't know why they don't fix it so you can run an elevated instance of explorer.
I think the problem is that when you run programs as administrator they are still running in the same window station as all your other programs. Explorer will only allow itself to be run once in any window station, i.e. one instance of explorer.exe, so you cannot run an elevated copy of Explorer.
There's a tendency to complain about the intrusive aspects of user access control, but security always comes at a price. I must admit that I turn UAC off on servers that are rarely logged into, because I trust myself not to do anything stupid. I do leave UAC on for terminal servers, and I'm more than happy to put up with the minor hassles this entails.
JR
At a guess I would say that the code in charge of marshalling the details required for drag-n-drop is running in an un-elevated context along with the rest of the UI (including Explorer) so it is not going to be able to access to pipe information between the two processes.
Edit the copy in your configuration database and then copy the new version to your host overwriting the old one (or have the config db do all the work for you if it can) ;)
Or, open the file from the elevated notepad directly if you do not want to elevate explorer.
Editing system files isn't supposed to be a click, drag and drop thing - at least not as I see it. Also there is not much problem disabling UAC for administrative sessions either, you should only do administrative work on the server anyway (sans terminal servers or whatnot) so why bother with UAC when the only thing you want to do requires elevation anyway?
UAC is not really a security boundary as there are several ways for applications to circumvent it. That's why you should normally run as a standard user with normal rights where elevation isn't possible without providing additional credentials - just as before UAC was introduced.
In my opinion, UAC introduced a more friendly runas dialog with some intelligence, it shouldn't be used to run as administrator and feel safe about it.