NSIS, run one action as administrator - uac

I have an installation that requires only user privileges, but this installation should remove previous files or call the uninstaller if it exists.
Is there a way in NSIS to run one action (DeleteFile, RunExe) as administrator?

Elevation is per process and you cannot go back down once you have elevated.
You should create a little helper NSIS app that performs your required actions (RequestExecutionLevel admin alone is not enough, you also need to use UserInfo::GetAccountType). Use ShellExecute with the runas verb to start an elevated process.
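A sketch of the helper described in the answer above, as an added example that is not part of the original post. The product name, file names and the HKLM key are hypothetical, and the old uninstaller is assumed to be an NSIS uninstaller.

```nsis
; cleanup-helper.nsi -- added example; names, paths and the registry key are hypothetical.
; Built as a separate helper EXE that the user-level installer starts elevated.
!include "LogicLib.nsh"

Name "ExampleApp cleanup helper"
OutFile "cleanup-helper.exe"
RequestExecutionLevel admin   ; manifest asks for elevation (UAC prompt on launch)
SilentInstall silent          ; no UI of its own

Function .onInit
  ; The manifest alone is not enough: with UAC disabled, or on systems that
  ; ignore the manifest, the helper can still start without admin rights.
  UserInfo::GetAccountType
  Pop $0
  ${If} $0 != "Admin"
    SetErrorLevel 740         ; ERROR_ELEVATION_REQUIRED
    Quit
  ${EndIf}
FunctionEnd

Section "Remove previous version"
  ; Read the old install directory from HKLM rather than from the command
  ; line, so the unelevated caller cannot choose what gets deleted as admin.
  ReadRegStr $R0 HKLM "Software\ExampleApp" "InstallDir"
  ${If} $R0 == ""
    SetErrorLevel 2           ; nothing recorded, nothing to remove
    Quit
  ${EndIf}

  ${If} ${FileExists} "$R0\uninstall.exe"
    ; _?= keeps the NSIS uninstaller from re-launching itself from a temp
    ; directory, so ExecWait really waits for it to finish.
    ExecWait '"$R0\uninstall.exe" /S _?=$R0' $1
  ${Else}
    Delete "$R0\exampleapp.exe"
  ${EndIf}
SectionEnd

; In the main installer (RequestExecutionLevel user), ship and start the helper:
;   InitPluginsDir
;   File "/oname=$PLUGINSDIR\cleanup-helper.exe" "cleanup-helper.exe"
;   ExecShell "runas" "$PLUGINSDIR\cleanup-helper.exe"
; ExecShell returns without waiting for the helper to exit.
```

Only the helper runs elevated; the main installer stays at user level for the rest of the install.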

Related

How to launch a program as administrator with Desktop Bridge

I have a program, which users sometimes want to restart with administrative privileges to perform administrative tasks.
Currently, it has a menu item, which does the following call:
Process.Start(new ProcessStartInfo("self.exe") { Verb = "runas" })
That works if the program is installed with MSI. It displays the usual UAC prompt, which lets the user elevate the program.
However, when converted using Desktop Bridge converter, and installed the Store way, this call crashes due to insufficient privileges. Is there another way for me to (re-)start self with UAC prompt?
Alternatively, is it possible to perform elevation using COM?
I am on release branch, Creators Update btw
Is there another way for me to (re-)start self with UAC prompt?
No. According to this page (https://learn.microsoft.com/en-us/windows/uwp/porting/desktop-to-uwp-prepare, look for Your app requires UIAccess), it seems that requesting the UAC prompt from your app is not currently supported.
Remember, as a UWP app, it needs to work while running as the interactive user.
There is a one-year-old post from MSDN that answers a similar question: https://social.msdn.microsoft.com/Forums/en-US/a35b4c70-5fc6-4f1a-b80a-b11ee90105eb/uwpdesktop-bridgeproject-centennial-appconverter-convert-admin-apps?forum=wpdevelop
Alternatively, is it possible to perform elevation using COM?
Given the findings above, the answer is probably no.
If I were in your position, I would rethink these Administrative tasks. They might even be something that you would not be able to run as a UWP app anyways. For instance, any attempt to create an HKLM key will fail.

How to make batch file run from group policy?

I am trying to make a batch file that calls an executable named idlelogoff after a certain amount of idle time. I can see the process in Task Manager; however, the computer doesn't sign out.
However when I run the process as an administrator manually it works. I thought the system account was supposed to have all privileges. Very confused as to why this isn't working. Any help would be appreciated.
Below is my batch file contents.
start "IdleLogOff" /d C:\ /b idlelogoff.exe 10 logoff
I found an answer to this by using local group policy instead of domain policy. I used User Configuration -> Windows Settings -> and then logon scripts and had it run on a user logon. The script works from here but did not work from domain group policy for whatever reason.
Look into Task Manager. I suppose that the process runs under the system account when using a domain GPO, no matter if it is activated/linked in user or workstation context.
So the exe would check if the system account is idle.
A solution could be putting the exe into the autostart folder, or creating a Run key in the registry, or using a scheduled task -> all can be done with a GPO.

Possible to run silent and verysilent from within the application

Is it possible to run the silent and verysilent option from within the Inno Setup application? That is, as soon as I click the exe it will run with the verysilent option (no need to provide it in the command prompt).
I have figured out the temporary way of putting the command with the verysilent option in a batch script and clicking the batch script :) !
It is Bad Form™ to make a "covert" installer. From Inno's FAQ:
Is it possible to do a silent install without using the /SILENT or /VERYSILENT command-line parameters?
No, nor is such a feature planned (it would be abused). If it is your intention to keep user interaction to a minimum, use the Disable* [Setup] section directives.
This would only matter if you are actually building the installer. If you're just trying to install the application, the only sensible thing to do is use the command-line flags in a batch file (or other scripting language).

Batch install to specific location

I was having trouble, after creating a Windows service in C#, with creating a silent install with a batch file or whatever is needed that takes in just the location of the install, as when I run setup.exe or the msi file that is all that's in there. It will prompt to change location if desired, otherwise go to the default C:\drive folder that is preset within the service; no other options are required.
I was wondering how to use an iss file or an answer file to create either a cmd prompt or script to mass install on many computers easily.
Currently setup.exe accepts in the cmd setup.exe /quiet instead of what I have been seeing -s or /s which also had caused some confusion and to why I was looking for help. Thank you.
Ok. I typically use InstallShield for that. If you are doing this in pure batch, then you will need to take steps to configure/start the service. See SC /?. That will allow you to query the service, stop, start, etc. Give it a try and reply with more specifics if needed.

Running an app that requires an administrator account from a service

Is it possible to run handle.exe (from Sysinternals) from a service (in Windows 7) without having to turn off UAC?
The service is a custom C app that needs to find out which process is locking a file it tries to access, and handle.exe seems to be a good way to solve it, but I can't get it to work with UAC turned on. This app runs all the time so I can't have a UAC prompt while it's running, but it's fine if it shows up at startup.
Handle.exe works fine from an admin command prompt but fails when trying to run from a normal prompt.
I call handle.exe from CreateProcess() and get the output from pipes. I guess there should be a way to solve this but I can't figure it out. Setting up the service to log in from an admin account does not seem to work.
UAC does not affect services (it only affects interactive sessions) so that should work.
However, if you don't want to move your entire program into a service then there are better ways to do this which don't require creating, installing and managing a separate service process in addition to your main program.
1. If your program requires admin rights to work at all, and this isn't the only place it will require them, then you could flag your program (via its embedded manifest resource) as requiring administrator rights. It will then trigger one UAC prompt whenever it is run and be run with full admin rights, including the ability to run Handle.exe.
2. On the other hand, if this is the only place where your program needs admin rights, it may make sense to create a COM DLL which wraps your Handle.exe call (or any other admin work) so that you can use UAC to make elevated calls to that function from your non-elevated app. You will then trigger a UAC prompt each time you create (an elevated version of) that COM object. You can keep the COM object open as long as you want, and create it whenever you want, so when and how often the UAC prompt(s) appear are still up to you.
Both 1 & 2 are standard uses of UAC so any good documentation or tutorial on UAC will describe how to do them in detail.
You may want to look at the Win32 API method CreateProcessWithLogonW.
There is also an elevate VBS script here you may learn from: http://technet.microsoft.com/en-us/magazine/2007.06.utilityspotlight.aspx
