NSIS, Do not show uac dialog - nsis

After installation of the program, can I not make the UAC dialog box disappear when the program is run?
Can I grant administrator privileges to install and have it run automatically at install time?

You cannot bypass UAC, the user is supposed to be in control of their computer, that is the whole point of UAC! If you want to do machine-wide changes that require administrator privileges there is no way around it, the user has to elevate with UAC at least once.
If you want the installed application to run elevated automatically then you must write a custom service that can be started on demand. When an administrator starts your application un-elevated the application must start your service and ask it to launch an elevated instance. The service must then call CreateProcessAsUser with the linked elevated token. This is too difficult for most developers and most applications just have to accept the fact that they must display a UAC prompt when they are started.

Related

How do Applications escalate privileges in a gui?

Many apps on my desktop such as my package manager and Virt-Manager ask for my password in order to do certain functions in the app that require root. They do this in two interesting ways. One, they ask for the password of a local administrator, or someone in the wheel group. The second thing they do is ask for admin after they launch and in a GUI menu. How do I do these things? Do I simply launch the GUI app as root (setuid)? Do I create a second executable that has setuid? Thanks.

Custom Action exe with elevated privilege for InstallShield Limited Edition

I am using the Limited Edition and in my installer I have a custom action where I open a cmd.exe and pass it a batch file to execute.
The cmd is executing but it's not in the elevated permission. I need to execute this in elevated permission since my batch file has operations which need admin privilege.
I tried many options and the screenshots attached describe what I have done.
Let me know if this is possible with Limited Edition. I am installing on a Windows 10 machine.

The whole "Elevated privilege" thing changed a lot during the last years.
If I were you, I'd put the schema to version 500 (the last one).
You might want to double-check that your batch file is correctly found, as properties in system context can be unavailable (use /k so the cmd prompt will not close and you'll be able to see the result of your batch file).
Also, if UAC is disabled on the client machine the user won't have the right to elevate your installer, so setting the Require Administrative privilege won't change anything.
To be sure, you might want to use an install condition validating the Privileged property.

CreateSubKey always causes exception: "Cannot write to the registry key"

The code is really quite simple:
var key = Registry.LocalMachine.OpenSubKey("Software").CreateSubKey("somekey", RegistryKeyPermissionCheck.ReadWriteSubTree);
...but I keep getting the exception "Cannot write to the registry key", even when I run VS2010 (or the compiled code) as Administrator.
What am I doing wrong?
Running .NET Framework 4 Client Profile.

You are trying to write to HKEY_LOCAL_MACHINE. Access to HKEY_LOCAL_MACHINE is restricted by UAC. Your user may well be an administrator, but unless the process is started with elevated rights, UAC will prevent write access.
In order to write to HKEY_LOCAL_MACHINE you will need to ensure that the Registry access is performed in code that is running with elevated rights. To do that, you will need to either:
Add a UAC manifest to your application to force it to execute with elevated rights. However, this means that the user will have to deal with the UAC elevation prompt every time the application is run.
If you do not want to elevate your application, you will need to separate the parts of code that need elevation into a separate process, or into a COM object instantiated via the COM Elevation Moniker, whenever your application needs to perform an elevated operation.
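An added example, not code from the question or the answer: it checks whether the current process token is actually elevated before touching HKEY_LOCAL_MACHINE, and opens the parent key writable, because the one-argument `OpenSubKey` returns a read-only key and `CreateSubKey` on a read-only key throws "Cannot write to the registry key" regardless of elevation. The class name and the value written are constructed for illustration; "somekey" is the name from the question.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Win32;

static class HklmWriteExample   // hypothetical class name
{
    // Under UAC an administrator's normal token has the Administrators group
    // disabled, so this returns false until the process is started elevated.
    static bool IsElevated()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static int Main()
    {
        if (!IsElevated())
        {
            Console.Error.WriteLine("Not elevated: writes under HKEY_LOCAL_MACHINE will be denied.");
            return 1;
        }
        try
        {
            // Second argument 'true' requests write access to the parent key.
            using (RegistryKey software = Registry.LocalMachine.OpenSubKey("Software", true))
            using (RegistryKey key = software.CreateSubKey("somekey"))
            {
                key.SetValue("ExampleValue", "constructed sample data");
            }
            return 0;
        }
        catch (UnauthorizedAccessException ex)
        {
            // Raised for a read-only key handle or an ACL that denies the write.
            Console.Error.WriteLine("Registry write refused: " + ex.Message);
            return 2;
        }
    }
}
```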

Windows installer security/credential question

Folks,
I've got a strange issue at the moment with a Visual Studio 2010 built MSI...
When I run the MSI, it performs a few tasks, then executes a tool we built - this tool then carries out some more advanced work we couldn't do within a custom task.
The issue here is that when the MSI starts my custom-built tool, it doesn't execute it with the same credentials as I start the MSI with (i.e. my administrative login).
Is there a parameter I can pass to an MSI to enforce this? Or perhaps I can pass the credentials to the process when I start it?
My process is started using Process process = Process.Start(procInfo), nothing fancy. I've also noted the ability to pass in a parameterised username/password/domain, but this will vary depending on the user who is installing - can this be extracted from the installer somehow?
Any help (or questions) welcomed.
Dave
EDIT: for clarity... I'm running the MSI under my domain account, and I want my custom process to run under that 'context'. At present, it starts (regardless of whether I start as administrator or not) under the SYSTEM account (rather than mydomain\me). I'm using Windows Server DataCenter edition if that helps...
I should also add, I think this is a policy issue, but I've no idea what to check/where to check...

By default Windows Installer runs custom actions as the current user. If the MSI is elevated, custom actions will run as the elevated user.
Please note that if you are running the MSI as an Administrator, it doesn't mean your custom actions will have full Administrator privileges. On Vista or higher any user can gain Administrator privileges through elevation.
So if your custom actions need Administrator privileges, make sure they use the msidbCustomActionTypeNoImpersonate flag so they run under the local system account.
If this is not the problem and you just need access to the current user data, can you please give me more details?

Start exe after msi install but using current user privileges

I am using Visual Studio 2008 to build an MSI install package. Within the install I have numerous custom actions. Within the OnAfterInstall custom action I attempt to start an exe which is deployed by the install. The exe starts ok, but runs within a security context of NT AUTHORITY\SYSTEM (i.e. under the elevated privileges granted to the Windows Installer process). I actually need the exe to run in the security context of the currently logged-on user who started the install in the first place. Does anyone know how to start the exe so it runs in this 'reduced' context? I really want to avoid having to ask the user for their login credentials if possible.

You need to use the Remote Desktop Services API: http://msdn.microsoft.com/en-us/library/aa383464%28v=VS.85%29.aspx . It is available starting from WinXP.
This API allows you to run your application in the context of any logged-in user account. You need to be running as SYSTEM to be able to use it. And you are.
For instance you may enumerate sessions using WTSEnumerateSessions, then take the user token with WTSQueryUserToken and run the application using this token.
