How could an application write in a file in which the current logged user can not, under Windows NT/2000/XP ?

This to avoid the accidentally modify/delete this file by an unauthorized user, using notepad, for example.

Thanks!

You can't do that. The application will only have the rights of the user that started it. You can however implement your program as a NT service.

Another method is to impersonate a user; doing an interactive login and running the process as another (more powerful) user. But that is more like log out and then log in with another user again.

There are lots of info about how to write NT service programs (see codeguru articles and the MSDN web site).

If your app should work more or less like a normal app (having a GUI etc), but needs to protect a file in the way you mentioned, I would implement a very limitted NT service program which only task is the create/write/delete the mentioned file. Your service program and your app need some sort of communication, like named pipes, shared memory, sockets, RPCs or COM.

Good luck.

PS. All this only applies to NT/W2K/XP... On Win9x, you can't do much about it :-(

OK.
Thank you very much!