Windows 10 Automatic upgrade: Access is denied. Every time. Help?

I’m sure this has been answered before - but I can’t seem to find the right combination of words to find an answer here in this forum or online. I have Syncthing running on two linux boxes, two android devices, and four Windows 10 installations (one desktop, two laptops, and one VM). Every one of the windows devices must be manually upgraded with every single release. I cannot figure out how to give Syncthing rights to automatically upgrade. Sorry if this is simple and I’m too dense to know what to do. I work with Syncthing exclusively through the web interface on all devices except android. Thoughts?

Of course, the moment I post I find something similar that probably answers my question, after multiple attempt at searching over several days. It would seem I can’t/shouldn’t put Syncthing in C:\Program Files\Syncthing, as that will be read-only by default in windows. That is where I’ve placed Syncthing on all my Windows installations. Can someone confirm that? Do I need to go through and modify each installation and the accompanying .bat file I created for each to enable it to startup with windows? I’m guessing this is the answer… just not crazy about taking the time to do that if I don’t have to. Thanks.

On Windows I think the easy way out is to use Synctrayzor which manages this for you. Otherwise, yes, keep it somewhere else or tweak directory permissions to match.

2 Likes

I´m using Syncthing in that folder but in my case I have installed Synchting as a service (using nssm as stated in the docs). Of course being installed as a service means no permissions problems as Syncthing is run using System account.

You’ll have permission issues the minute that syncthing syncs a file from another device, since that file will be owned by the system account, and you won’t be able to access it.

Also, running syncthing as a system account is a potential security hole: anyone who gains access to your user account (or to the Web ui) can use syncthing to gain local admin privileges. It’s basically a rootkit waiting to happen.

We recommend that you only run syncthing as your local user, and do not run it as a system account.

Syncthing itself is in Program Files folder. Shared folder resides in another drive with correct permissions.

Everything running as System is a security concern but I think I have took sufficient security measures to avoid problems. Web UI is password protected and I doubt anyone can gain access to my user account. The computers are behind a quite restrictive firewall and normal users do not have any admin capabilities. Syncthing is not exposed to the internet. Anyway there is no personal information in the computers. These are lab computers and can be formatted at anytime.

Running Syncthing as local user is not an option as all users have to have access to the shared folder in readonly way (except admins).

… Any files synced will now be owned by administrator, not your normal user, so your normal user won’t be able to access them most likely. Exactly as we described earlier.

Make sure syncthing always runs as the user who owns your files. If there are permission issues, fix them either by changing where syncthing.exe is located, or by changing the permissions on the directory it’s in.

Running syncthing as an administrator is a very bad idea. Please don’t do it, and please don’t recommend that other people do it!

Oops - you are right. For some reason I had no problems, but that may be sheer luck. So as you recommended I changed the permissions on the directory where syncthing.exe is located.

I know this is old. But, if you give your Windows User modify access to the C:\Program Files\Syncthing directory then automatic updates work. Since configuration files aren’t in this directory this seems reasonably safe.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.