Just another ordinary release - 7.5.1
@Scott-Sumner Yes quite disturbing. Whoever typed them up is a pervert! Guess I’ll have to reinstall w/o that option checked.
@Phillip-Mitchem Best quote ever: If you try and don’t succeed, cheat. Repeat until caught. Then lie.
Missing %appdata%\Notepad++\plugins\config folder when creating new profile. It appears the plugins expect this folder to already exist and won’t create it when trying to save their settings.
- Install Notepad++ with default settings.
- Log on as different user. (or delete %appdata%\Notepad++ folder)
- Start Notepad++ and it will create the %appdata%\Notepad++ folder with the config files but no sub folders.
- You can test with
Plugins > Converter > Edit Configuration File. Expect to open file (it is created if folder exists), instead get error message to manually create file.
The installer does create this folder and also the themes folder, even if you chose not to start application after install. So it will work ok for only the user that installed it. I also expected the themes to be created in the program files and not appdata.
I’m also seeing the empty %localappdata%\Notepad++ folder being created when starting the application.
Notepad++ v7.5.1 (32-bit)
Build time : Aug 29 2017 - 02:35:41
Path : C:\Program Files (x86)\Notepad++\notepad++.exe
Admin mode : OFF
Local Conf mode : OFF
OS : Windows 10 (64-bit)
Plugins : mimeTools.dll NppConverter.dll NppExport.dll
(OS is actually Windows Server 2016)
I am running Npp 7.5.1 32-bit on windows 10. Under the “plugins” drop-down menu I only have options for Converter, MIME tools and NppExport - no entry for Plugin Manager. This was always in previous versions. I am trying to install the Compare plugin.
@donho Hi Don Ho! I wonder if you would reconsider the default behavior. I think the user should be permitted to enforce local conf mode even if Notepad++ is installed in
C:\Program Files (x86)(or
C:\Program Filesin the case of the 64-bit version).
As a security-conscious user, I don’t allow scripts to execute from any location to which the standard user can write. That’s the principle behind AppLocker. But with current Notepad++ behavior, there’s nothing I can do to prevent NppExec scripts from being saved in (and running from) the user-writable
%appdata%\Roaming\Notepad++\Plugins\Config\npes_saved.txtfile as long as Notepad++ is installed in the default location of
C:\Program Files (x86). That means an attacker can write whatever they want to
npes_saved.txtand execute it through Notepad++ all without administrative privileges, making NppExec a potentially useful vector for ransomware at the very least.
To protect against such attacks without having to create extra AppLocker allowances or make changes to folder permissions, I currently have to install the 32-bit Notepad++ in the 64-bit location
C:\Program Files, which is not a big deal. But I thought I’d bring it up with you anyway to see what you think. Thanks for all your hard work! I love the program.
(I accidentally wrote that the user should be able to “disable” local conf mode, but I meant enforce! Couldn’t edit. Sorry about the confusion.)