
Thread: Running with elevated privileges

  1. #1
    JohnMalvey Guest

    Running with elevated privileges

    Hi all.

    I've read related threads to my problem and pored over the help files but I'm still confused as to the exact way to make my installation work with users that have "limited" access.

    Specifically, I have an install that needs to create a registry entry in HKLM. I've tried selecting all Permissions for the registry entry while in the Components section using the domain - [%USERDOMAIN] and user - [LogonUser]. I've also created a property called ISALWAYSINSTALLELEVATED and set it to 1. When I run the install I get a 1406 error.

    My app is fairly straightforward: it dumps everything into a single folder, creates a couple of shortcuts, a registry entry, and ODBC. Because it's a commercial product I need to have this installable by anyone with any privileges and can't rely on an admin user setting the proper policies on the machine beforehand.

    Also, would I need elevated privileges for installing ODBC and self-registering DLLs?

    Any suggestions would be greatly appreciated!

    TIA

  2. #2
    Join Date
    Apr 2003
    Posts
    63
    Well the concept is simple and straightforward....

    One should not expect MSI to have access to locations and registries to which a limited user does not have access, as this would be a breach of Windows security. So a limited user has to get elevated privileges from the Administrator for a setup that makes changes in this forbidden area. For configuring these privileges, refer to the following article:

    http://support.installshield.com/kb/...icleid=q105140

    However, if this article has already been followed, I would request the complete 1406 error message you get on installing this setup.

    Cheers!
    Nio

  3. #3
    JohnMalvey Guest
    Thanks Nio.

    So it sounds like you're saying there's no way to have a limited user do an install without having certain things setup on their machine ahead of time.

    I was under the impression from speaking to someone in tech support that you could "temporarily" elevate a limited user's privileges to get the install done.

  4. #4
    Join Date
    Jun 2002
    Location
    Italy
    Posts
    38
    You CAN temporarily elevate user privileges... (the RunAs Service)

    However, you need the Administrator's password.

    Moreover, as neo already said, due to Windows security, you CAN'T elevate a user's privileges with the installer.
    If it were possible, someone could write an MSI setup that, once run by a User, temporarily elevates the user's privileges, changes the local machine policies in HKLM and then closes itself.

    As you can imagine this would be a security flaw, so Users will never be able to gain Administrator's access unless explicitly wanted (like the RunAs service, or the "execute installations with elevated privileges" policy...or an exploit :P)

  5. #5
    Join Date
    Oct 2001
    Location
    Here and there
    Posts
    16,243
    Exactly: allowing an arbitrary process to gain elevated privileges would be a recipe for disaster; please see the MSI Help Library page "How do I install a package with elevated privileges as a non-admin?" for a summary of techniques...
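
An added example, not code from any poster in this thread: a PowerShell audit of the policy post #4 refers to, assuming it is the Windows Installer AlwaysInstallElevated policy. That policy only takes effect when its value is 1 under both the machine and the per-user policy key, so the check reads both hives. The function name is hypothetical.

```powershell
# Added example: audit the Windows Installer AlwaysInstallElevated policy.
# Assumption: this is the policy post #4 calls
# "execute installations with elevated privileges".
function Get-AlwaysInstallElevatedState {
    $subKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $name   = 'AlwaysInstallElevated'
    $values = @{}

    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$subKey"
        # A missing key or value means the policy is not configured in that hive.
        $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $values[$hive] = if ($null -ne $prop) { [int]$prop.$name } else { $null }
    }

    [pscustomobject]@{
        MachinePolicy = $values['HKLM']
        UserPolicy    = $values['HKCU']
        # Windows Installer honours the policy only when both values are 1.
        Effective     = ($values['HKLM'] -eq 1) -and ($values['HKCU'] -eq 1)
    }
}

$state = Get-AlwaysInstallElevatedState
$state | Format-List

if ($state.Effective) {
    # Every MSI started by any user now installs with elevated privileges,
    # which is why hardening baselines expect this policy to be off.
    Write-Warning 'AlwaysInstallElevated is enabled in both hives.'
} elseif ($state.MachinePolicy -eq 1 -or $state.UserPolicy -eq 1) {
    Write-Output 'Policy is set in only one hive, so it has no effect.'
} else {
    Write-Output 'Policy is not enabled: writes to HKLM need an administrator (RunAs or managed deployment).'
}
```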
