Skyrim Unplugged (by stoppingby4now)

[stoppingby4now]

Skyrim Unplugged has been released on The Nexus and is available at the Skyrim Unplugged project page.Further information is available on the Description view. In short, Skyrim Unplugged allows you to enforce the Automatic Updates setting in Steam, allowing you to choose when you want to update Skyrim.

[MadWizard25]

The launcher will assume the permissions of the user that executes it. Therefore, if you're running as an admin, the launcher will have administrative rights.

 

Yeah, thats what i assumed, with UAC off and on an admin account, SkyrimLauncher will run in admin mode. But if thats my case, then I would expect to have TESV.exe and co deleted. But skyrimlauncher does not delete anything, and i run it often to generate default inis.

 

Taking what sb4n wrote into account, maybe its the steam client service? But i also run that. I do not allow cloud syncing though. Furthermore, i have my ownership of the skyrim directory as full administrator.

 

Im using win 7 64bit with latest service pack.

 

Skyrim installation path is on a non-OS hard drive, within steam folder which is within a directory i created called Program Files (does not have same properties of OS Program Files).

 

Skyrim folder is not a junction.

 

TYPE - NAME - PERMISSION - INHERITED FROM - APPLY TO
Allow - Users - Full Control - F:\Program Files\Steam\ - This folder, subfolders, and files
Allow - SYSTEM - Full Control - F:\Program Files\Steam\ - This folder, subfolders, and files
Allow - Administrators - Full Control - F:\ - This folder, subfolders, and files
Allow - Authenticated Users - Modify - F:\ - This folder, subfolders, and files
Allow - Users - Special - F:\ - Subfolders and files only
-> Traverse folder - Allow
-> List folder - Allow
-> Read attributes - Allow
-> Read extended attributes - Allow
-> Read permissions - Allow

Its pretty much exactly the same as yours.

[stoppingby4now]

I really dislike the current WYSIWYG editor with a passion. :yucky:

 

 

The launcher will assume the permissions of the user that executes it.

Therefore, if you're running as an admin, the launcher will have

administrative rights.

Yeah, thats what i assumed, with UAC off and on an admin account,

SkyrimLauncher will run in admin mode. But if thats my case, then I

would expect to have TESV.exe and co deleted. But skyrimlauncher does

not delete anything, and i run it often to generate default inis.

Taking

what sb4n wrote into account, maybe its the steam client service? But i

also run that. I do not allow cloud syncing though. Furthermore, i have

my ownership of the skyrim directory as full administrator.

Thanks for your permissions list.

 

When you run a program as yourself, it will still run under your credentials. Being a member of the Administrators group just affords you extra permissions for actions that normal users would not have. With UAC on, you are prompted for those actions, with UAC off, you aren't.

 

But, concerning the file and directory permissions I am currently using, that won't matter, because the user permissions are a total match, and Deny rules always (in this case) win.

 

 

For me, that leaves the question of whether or not the service is a cause of the deletion. If it is, that means that it does not obey the Automatic Updates setting (and is also going to complicate things). I have no choice now but to not launch Skyrim or CK and wait it out as long as possible in order to determine if this is the case. I figure if the files still exist after two weeks, then the current permissions I'm testing with should be sufficient.

 

For anyone else reading this, I could really use a permission list from your Skyrim folder if Steam is installed under C:\Program Files.

[MadWizard25]

Had a nasty surprise this morning. Tried to launch WB and it told me that TESV.exe could not bet detected. This was after i had shut down my computer overnight.

 

TESV.exe had indeed been deleted, and i had not even touched the skyrimlauncher.exe yesterday, or changed any settings apart from running DDSOpt and tweaking an ini value. Hurray for backups.

[stoppingby4now]

I'm now auditing my TESV.exe for both Successes and Failures for all access attempts. I went ahead and removed the file permissions (but leaving Automatic Updates disabled), so now I'll know exactly what deletes it. Just have to wait. :(

[z929669]

Here are my permissions. These are a bit screwy, and I will be reconfiguring this permission structure!:

 

 

My TESV remains untouched

 

Win 7 64 latest updates

---

And my reset permissions moving forward. Will advise if there are any changes with TESV, but I suspect there will not be ...

 

[stoppingby4now]

Your permissions were perfectly fine before, nothing screwy about them.

 

If your TESV.exe (or any of the other Skyrim files I modify) do not have permissions on them, that tells me you are not using the latest version of SU. Starting with V1.2 is when the permission changes came in.

 

Given that SkyrimLauncher.exe uses the Steam_api.dll, it would likely either use the Service to perform actions, or behave like Steam in the case of having UAC turned off. Having the Steam Client Service running would allow the file deletion at any point, which appears to be the case for myself and others. But, since a version check can be triggered at any point, I have to assume that even launching SkyrimLauncher can trigger it since it uses the Steam API. In your case, I'm betting that you are safer than most due to not having a service constantly running that can trigger at any moment. Bottom line, I don't believe that you are completely safe, just safer than most.

 

All speculation at this point though, but hopefully I'll have my answer at least in terms of the Service within the next couple weeks.

[z929669]

I know my permissions before were fine, but they were redundant and a bit too much access was being granted to Authenticated and general Users.

Two Special and one Full Control to general Users is just plain nonsense ... I am a neat freak, remember?

 

Here are the comprehensive goods (UAC disabled):

 

[stoppingby4now]

My point is that you didn't gain anything with those new permissions. The default that was there before was just as secure. There was also no redundancy, just specialized permissions which were applied by Steam so that any user can play a game. Inheritance != redundancy.

 

In any case, you have stated that you do not end up with a Deny rule on your TESV.exe. Can you show me a listing of the advanced security permissions for it. Administrator privileges are not needed to create it (either with your old or new permissions).

[z929669]

No, if you look closer, I formerly had three entries for Users. Full Control supersedes all unless one of the other two "Special" had restrictions (i.e., deny), which they did not. Not to mention that it makes no sense that I had two other "Special", even if inheritance differed. This is just testament to multiple programs tampering with my user permissions when it just was not necessary at all.

 

"Users" on my box should be restricted ... when I look at my permissions, I want it to make intuitive sense, and the original just was not the simplest way to achieve the desired result

 

My TESV is effectively exactly that you see in my previous post for my acc. Note that those are screens of my common/skyrim/ folder and that for the former, admin applied to all sub-folders/files and all of the latter permissions I set apply to E:/ subs/files.

 

However, I can say with confidence that the deny rule is/was not active on any of my defined permissions.

[stoppingby4now]

No, if you look closer, I formerly had three entries for Users. Full Control supersedes all unless one of the other two "Special" had restrictions (i.e., deny), which they did not. Not to mention that it makes no sense that I had two other "Special", even if inheritance differed. This is just testament to multiple programs tampering with my user permissions when it just was not necessary at all.

"Users" on my box should be restricted ... when I look at my permissions, I want it to make intuitive sense, and the original just was not the simplest way to achieve the desired result

My TESV is effectively exactly that you see in my previous post for my acc. Note that those are screens of my common/skyrim/ folder and that for the former, admin applied to all sub-folders/files and all of the latter permissions I set apply to E:/ subs/files.

However, I can say with confidence that the deny rule is/was not active on any of my defined permissions.

 

After looking at your first picture again, I agree that the first entry for Users on your Skyrim folder is bogus. No idea what the Special permissions were, but it was unnecessary. However the rest of the permissions were 100% valid and I could write up an entire page on why.

 

For permissions on TESV.exe, since you just forced permissions across your entire drive, it would have overwritten all permissions that were set previously on all files. Could you do me a favor and cycle Automatic Updates with SU and check the advanced security permissions on TESV.exe again. Unless permissions were overwritten previously as well, there is no valid scenario I can think of as to why SU wouldn't have set the permissions. I really need to understand what is happening here so I can know if there are any special cases I need to account for.

[z929669]

Yep, after cycling again, special permissions (with deny attribute) have successfully been applied. I will wait and see if anything strange happens and report back ;)

[stoppingby4now]

At least we can rule out Gremlins. :)

[z929669]

[stoppingby4now]

It's the chupacabra you have to watch out for.

[z929669]

FYI

 

Just saw today that my TESV.exe has been REMOVED. It is not present in the Recycle Bin either. I DID NOT delete the file; however I cannot say what application or event was responsible.

 

Any other reports of this behavior? I simply restored a backup of this file (the ONLY file missing BTW)