PDA

View Full Version : Administrative privileges needed - NT4



jeffp25
04-04-2002, 07:54 AM
I'm having a bit of a problem. I'm working with a large number of "locked down" NT workstations. I have written a NT service which is unpacked and launched by IS, which then in turn runs another system level process in the admin context. My problem is that with the registry writing that IS does, users need admin credentials just to execute the IS package. Is there a way around this? I'm a new convert from C, so I'm still fumbling around.

Prince
04-04-2002, 08:17 AM
Actually setup needs admin right when setup is going to replace/modify some system files or DLLs. So in order to install setup properly you must have admin rights. There is no way to avoid this.

jeffp25
04-04-2002, 08:24 AM
This particular setup is just dropping a few files in the temp folder and then executing the service. So, it's not the setup per se that is having a credential issue, but the IS overhead.

Thanks,
Jeff

Prince
04-04-2002, 08:29 AM
Jeff,

Executing service is also a process which interact with system files. This process also need admin rights, so you mush have admin rights to execute your service properly.

jeffp25
04-04-2002, 08:34 AM
One of my programs does just that. I have leveraged the SSPI APIs to gain sufficient credentials to create a token having admin permissions on the thread which has the rights to call CreateService. This process works when I distribute the files independantly, but when I bundle then in IS, users cannot even unpack the exe the 'Package for the Web' creates.

Thanks,
Jeff

Bloomerville
04-05-2002, 01:19 PM
If you need admin privileges then you can install your service with a custom action. When you use the custom action wizard to make your custom action, select Defered Execution is System contest. This will give the user elevated system privileges so the registry entries can be made. See (Custom Action Wizard—Additional Options Panel) in the Developer help.

jeffp25
04-05-2002, 02:24 PM
Thanks this could be exactly what I was loking for. I've just created the custom action, now if you can pardon the remedial question, where would be the proper place to insert this action?

Thanks,
Jeff

Bloomerville
04-05-2002, 02:32 PM
Since the action is deferred, it should be placed in the execute sequence. If the files that you are registring are being installed by the same installation, make sure to sequence the file after InstallFiles, so the file are on the system.(around Sequence # 2000 or greater)