Safe PDF viewers.
<blockquote data-quote="Andy Ful" data-source="post: 956185" data-attributes="member: 32260">
<p><strong>Post updated.</strong></p>
<p><span style="color: rgb(184, 49, 47)"><strong>Advanced users</strong></span> can configure Windows to open PDF documents only in AppContainer, and only from selected folders on an <strong>NTFS disk</strong> (Windows and Program Files folders are hardcoded by default). This can be done by using the Wsudo tool (from Privexec) and Sumatra PDF.</p>
<p><a href="https://github.com/M2Team/Privexec/releases/tag/4.4.1">https://github.com/M2Team/Privexec/releases/tag/4.4.1</a></p>
<p><a href="https://www.sumatrapdfreader.org/download-free-pdf-viewer">https://www.sumatrapdfreader.org/download-free-pdf-viewer</a></p>
<ol>
<li data-xf-list-type="ol">Download the Sumatra PDF installer and install it in the "Program Files" folder (use the Options button to change the default installation path). Choose Sumatra PDF as the default application to open PDF files.</li>
<li data-xf-list-type="ol">Copy wsudo.exe (part of the Privexec tool) to the Sumatra installation folder (C:\Program Files\SumatraPDF).</li>
<li data-xf-list-type="ol">Edit the registry <span style="color: rgb(41, 105, 176)">Default</span> value under the key:<br />
<span style="color: rgb(41, 105, 176)">HKEY_CLASSES_ROOT\Applications\SumatraPDF.exe\Shell\Open\Command</span><br />
and replace its <span style="color: rgb(41, 105, 176)">data</span> with a path to Wsudo which executes SumatraPDF.
<pre><code>"C:\Program Files\SumatraPDF\wsudo.exe" -u appcontainer "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %*</code></pre></li>
<li data-xf-list-type="ol">Create the folder where you want to keep unsafe PDF files - I have chosen "D:\MyUnsafeDocuments". Use Icacls to give the AppContainer SID "Modify" access to this folder:
<pre><code>icacls "D:\MyUnsafeDocuments" /grant *S-1-15-2-3622619446-392274758-2533929289-2204876399-3375125215-4247762128-2478433618:(OI)(CI)(M) /T</code></pre>
The SID may differ on another computer (probably). See Edit2 for details.</li>
<li data-xf-list-type="ol">Right-click any PDF file, choose <span style="color: rgb(0, 168, 133)">Open with &gt;&gt; Choose another application &gt;&gt; </span>select<span style="color: rgb(0, 168, 133)"> Windows sudo utility</span> and tick <span style="color: rgb(0, 168, 133)">"Always open files ...."</span>. This will make Wsudo+Sumatra the default application to open PDF files.</li>
</ol>
<p>Now, by clicking on a PDF file, it will be opened only if located in D:\MyUnsafeDocuments, and always in AppContainer.</p>
<p>Of course, it is possible to use the right-click "Open with" option and choose another PDF viewer to open any PDF file from any location.</p>
<p>Edit1.</p>
<p>It seems that the Wsudo AppContainer has built-in access to the "Windows" and "Program Files" folders. I can open documents from there without applying Icacls.</p>
<p>Edit2.</p>
<p>The SID of the AppContainer can be found by opening a CMD or PowerShell console and executing any file via Wsudo, for example:</p>
<pre><code>Path2Wsudo\wsudo.exe -u appcontainer notepad</code></pre>
</blockquote>
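<p>Steps 3 and 4 of the post above, scripted and then checked, as an added example that is not part of the original post or of the Privexec or Sumatra projects. It assumes the paths used in the post, an elevated PowerShell session, and an AppContainer SID that you supply yourself after finding it as described in Edit2; the parameter names are hypothetical.</p>

```powershell
# Added example, not from the original post. Run from an elevated PowerShell.
param(
    # AppContainer SID for this machine (see Edit2). No default: it may differ per computer.
    [Parameter(Mandatory)]
    [ValidatePattern('^S-1-15-2(-\d+)+$')]
    [string]$AppContainerSid,
    [string]$SumatraDir = 'C:\Program Files\SumatraPDF',   # path used in the post
    [string]$UnsafeDir  = 'D:\MyUnsafeDocuments'           # folder chosen in the post
)
$ErrorActionPreference = 'Stop'

# Steps 1-2 must already be done: both executables sit in the Sumatra folder.
$wsudo   = Join-Path $SumatraDir 'wsudo.exe'
$sumatra = Join-Path $SumatraDir 'SumatraPDF.exe'
foreach ($exe in $wsudo, $sumatra) {
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { throw "Missing: $exe" }
}

# Step 3: point the Default value of the open command at wsudo, which starts Sumatra.
$key = 'Registry::HKEY_CLASSES_ROOT\Applications\SumatraPDF.exe\Shell\Open\Command'
if (-not (Test-Path -LiteralPath $key)) { throw "Registry key not found: $key" }
$cmd = '"{0}" -u appcontainer "{1}" "%1" %*' -f $wsudo, $sumatra
Set-ItemProperty -LiteralPath $key -Name '(Default)' -Value $cmd

# Step 4: create the folder and grant the AppContainer SID inheritable Modify access.
New-Item -ItemType Directory -Path $UnsafeDir -Force | Out-Null
& icacls.exe $UnsafeDir /grant "*${AppContainerSid}:(OI)(CI)(M)" /T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Check: read both settings back instead of trusting that the writes took effect.
$actualCmd = (Get-Item -LiteralPath $key).GetValue('')
$modify    = [System.Security.AccessControl.FileSystemRights]::Modify
$sidType   = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -LiteralPath $UnsafeDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.IdentityReference.Value -eq $AppContainerSid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $modify) -eq $modify
    }

[pscustomobject]@{
    OpenCommand       = $actualCmd
    CommandUsesWsudo  = ($actualCmd -eq $cmd)
    SidHasModifyOnDir = [bool]$rules
}
```

<p>Both <code>CommandUsesWsudo</code> and <code>SidHasModifyOnDir</code> should read <code>True</code>; step 5 (choosing the default application through "Open with") is still done by hand.</p>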