As you probably know, User Account Control (UAC) is the Microsoft answer to
reducing the privileges users run with by default in Windows Vista and
Windows 7. Windows Server 2008 and Windows Server 2008 R2 also support UAC.

A typical problem are applications that are launched as part of an install.
It is very common to start an application at the end of the installation.
Unfortunately, the application is often started under the wrong user context
because the user provided elevated credentials to perform the installation
and the application is created with the elevated user token.

Let us assume, you have a "JoeUser" Standard User account under Vista.
Installation applications always run elevated -- an elevated process is
usually one that has been launched by someone with a Full Administrator
Token and runs with High Integrity Level Privileges (administrator execution
level privileges). If "JoeUser" starts the installation, UAC determines
that the Current User does not have a token of sufficiently high Integrity
Level and the Credentials Prompt asks the user to provide a username and
password of someone who has sufficient rights. Windows will then create the
necessary token for that user and uses it to elevate the process so you can
now continue with the installation. Please note that you are on a
completely different profile after the elevation. You have switched from
the "JoeUser" profile to the "Administrator" profile!

If you launch an application at the end of the installation now, the
elevated privileges are carried over to that application. But unless an
application is designed to be run only by system administrators, it should
always be run with the least privilege! In most cases, running an
application with elevated privileges on Windows Vista platforms is
discouraged.

Developers would like to start the application "non-elevated" at the end of
the installation process so it can perform configurations in the context of
the "original" Standard User. SetupBuilder 7 provides a solution to this
problem.

How to run the "Launch non-elevated" test?
------------------------------------------

Start the RunNonElevated.exe installer on a Standard User account under
Vista, Windows 7, Windows 2008 or Windows 2008 R2. A Credentials Prompt
asks the user to provide a username and password (see elevationprompt.jpg).
The setup will install a asInvoker.exe test application (this represents
your program!) which always runs with the least privileges. At the end
of the installation process, the installer gives an option to launch the
application.

Now comes SetupBuilder 7's magic into play. The "elevated" installer will
launch the asInvoker application with the "JoeUser" Standard User token
(non-elevated)! See attached nonelevated.jpg. The current profile is
"JoeUser" and the Privileges are "User".

Other installation systems would launch the application under the wrong user
context (Administrator). See elevated.jpg.

Please download and test the following code-signed test installer:

http://www.lindersoft.com/RunNonElevated.exe

The installer will automatically uninstall the application at the end of the
test.

If there is any problem, please let me know.

Thank you for your help!

Friedrich

Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

2008 ent sp1 64 bits
run with NO UAC and an admin account

installers run without asking for elevation : normal
end of install checkbox checked by default
click on launch
message : no split token available - the application will be laucnhed with elevated credentials

nice app starts with graphics and turning wheels <bg>
profile : pathname "my documents"
privileges : admin

Click on next

sb_return = 1
sb_errorcode : 2009

Uninstall window and a mesage from Wise brook Shields ???? :)

Another message asking for confirmation of uninstallation

and a final message all is clear continue working :)

Cordialement - Best regards
Jean-Pierre GUTSATZ

CGF

DMC - Data Management Center
A tool to let you Migrate Import Export Transfer your Data
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" &
"Works with Windows Server 2008"

Hi Jean-Pierre,

Thank you :)

Background information: if UAC is disabled, then you don't have a
split-token and a "Standard User" account is nothing more than a stupid
"Limited User" account under XP. That means, the installer cannot run at
all under a "Standard User" account (and you'll get a "You must be logged in
as an administrator when installing this program" error message) because
there is no write access to any protected area.

To test the new cool "non-elevated" SB7 feature (launch program
"non-elevated" from an "elevated" application), you need UAC enabled and a
Standard User account.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Friedrich,

on Vista Business SP1 and Windows 7 Beta 1 I got these windows:

"Vista_Fenster1.jpg"
"Vista_Fenster2.jpg"
"Win7_Fenster1.JPG"
"Win7_Fenster2.JPG"

.... followed by those UnInstall-Windows

Is this what you wanted?

Bye
Wolfgang

Hi Wolfgang,

> on Vista Business SP1 and Windows 7 Beta 1 I got these windows:
>
> "Vista_Fenster1.jpg"
> "Vista_Fenster2.jpg"
> "Win7_Fenster1.JPG"
> "Win7_Fenster2.JPG"
>
> .... followed by those UnInstall-Windows
>
> Is this what you wanted?

Yes, that is PERFECT!!! Thank you for your time.

The Previlege is always "User" in your screenshot. If you would run the
asInvoker application from other elevated installers or applications, you
would see "Admin" here (incorrect because it would be the wrong user
context).

In other words, the elevated SB7 installer (that points to the Admin
profile) calls the asInvoker application and this runs with the Standard
User token (non-elevated). WONDERFUL!

Thanks again,
Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> Hi Wolfgang,
>
>> on Vista Business SP1 and Windows 7 Beta 1 I got these windows:

What I forgot to mention is that both installs are "as intended by MS",
this means unchanged and UAC is turned on.

I always prefer to have my computers as restricted as possible, slow
processors, tight security etc so that I avoid surprises from users.

If necessary I could test it on Windows Server 2008 also. Going to install
the Eval-Version later this week.






--
Grüße / Regards
Wolfgang Orth

http://www.odata.de



Erstellt mit Operas revolutionärem E-Mail-Modul: http://www.opera.com/mail/

Hi Wolfgang,

> What I forgot to mention is that both installs are "as intended by MS",
> this means unchanged and UAC is turned on.
>
> I always prefer to have my computers as restricted as possible, slow
> processors, tight security etc so that I avoid surprises from users.
>
> If necessary I could test it on Windows Server 2008 also. Going to
> install the Eval-Version later this week.

Same here. Because UAC is our friend and not our foe, we should never
disable it (IMO). And most users have it turned on -- there was a poll in
the Windows 7 beta group and it turned out that about 90% have UAC always
enabled. I myself would never ever turn it off. If an application is not
UAC-aware, I do not use it. Period.

By the way, if UAC is turned off, the new SB7 "non-elevated" feature does
nothing because all Windows processes run with High Integrity Level
Privileges (more than dangerous). So there is nothing on the machine that
runs with non-elevated user token (and all doors are wide open).

We have already tested the new feature on Windows Vista Ultimate 32-bit and
64-bit, Windows 7 Ultimate 32-bit and 64-bit, Windows Server 2008 32-bit and
Windows Server 2008 R2 (only available as 64-bit) and it seems to work
perfect. It would be great if you could also test it on Win2008.

Thanks,
Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Friedrich,

May I please ?

Running 2008 or Vista without UAC is a personal choice and has nothing to do with 'real' security but with good-sense

When all this did not exist we relied on some 3rdparty tools to protect from spams malware etc and on a good deal of good - sense regarding installers to use or not

We all survived

Of course for Mr.PlugAndPlay is IS better to have ot turned on but come on on, please .... if you can live with those stupid messages coming up every thre mouse clicks on
your dev machine I cannot and I am sure many in our small community are the same - I know from personal experience that from all the clients I have roughly 40% of them
turn it OFF because they "seem to think" they know what they are doing and all is perfect as it was "before" ....

It is a good thing to have added that for the basic installs to (my wife's computer for example...shhh <bg>)

Do you need someone to ask you if you are sure you want to turn left or right when driving your car on the autobahn at 220 km/h ?
Would you accept such a gimmick in your car if Audi decided to add it "for your security Monsieur!" ?

.....
;)


Cordialement - Best regards
Jean-Pierre GUTSATZ

CGF

DMC - Data Management Center
A tool to let you Migrate Import Export Transfer your Data
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" &
"Works with Windows Server 2008"

BTW : just wanted to add that _you_ are listened by many many many here :)
I do not want them to listen to me at all, just that some migth think "heck, if HE says use UAC, then i'll put it back on !" and then curse at you every time they receive
an ms warning ... :)

are we not supposed to be big boys after all (some of us at least) so maybe enforcing such rules is excellent for (again our beloved ones - and I am sure many out there are
better then I am <g>) .....

oh well let them curse at you after all :) (or me) .... ;)



Cordialement - Best regards
Jean-Pierre GUTSATZ

CGF

DMC - Data Management Center
A tool to let you Migrate Import Export Transfer your Data
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" &
"Works with Windows Server 2008"

Hi Jean-Pierre,

I know that you don't like UAC at all -- but for the life of me, I don't
understand why <g>. I agree, using Windows with UAC disabled is a personal
choice. But it *IS* dangerous to do so. And UAC is such a nice cool
feature.

My Audi has an electronic stabilization program (ESP). It's enabled by
default to stabilize the car if needed. I assume you would turn it off
immediately because you don't need that extra "protection", right ;-) UAC
is there to protect my Windows if needed! The elevation prompt tells me
that a program requests full access to my operating system. And I
appreciate the Windows "warning" because I want to know when a system needs
full access.

Because quite a few people visit this newsgroup on a daily basis, I'll
repeat it: NEVER EVER DISABLE UAC -- it's not a wise choice! Unless an
application is designed to be run only by system administrators, it should
always be run with the least privilege. So no security warning if the
application follows the rules.

And with regard to your "turn off UAC and all is perfect as it was before"
statement. The Limited User account is a Windows feature for 10+ years now.
So "before" means the good old Windows 3.1 or Windows 95 days <g>???

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Friedrich,

Again I did not explain myself properly - really sorry :)

I am "only" speaking of personal computers for devs (or others) who are supposed to "know" what they are doing

ESP is a limited slipped differential is some sort and of course that is there to protect the "normal" driver and to make driving smoother and easier for them but again -
if the driver sitting at the wheel "knows" how to drive (not talking of going bying bread at the corner shop or pressing the accelerator off clutched at a signal post to
attract a girls attention ....<g>) and "knows" what that means when turning if OFF (spinning wheels in tight curves and rear end going off line etc...) then "when" that
driver would want to "drive" and not be driven - yes I did turn it off sometimes!

But again I am supposed to know what I am doing and to take responsability for doing so :)
(because turning it off can be very dangerous and lead to a crash BSOD kind off)
(in this case maybe mentioning I did race cars on tracks and rallyes for 5 years when younger ... <g>)


For me - a personal feeling - UAC would be set to on here (again personal preferences) IF it was used by the OS only when - as you say an installer requires elevation or
when opening the registry => important things which can be dangerous to the system

But having a confirmation message when dropping a file in explorer when not in "protected" area etc (sure it "could" be dangerous ...) is a bit too much for my personal
taste of protection because those things - here at least - I do repeatedly zillion times every day taking a tps or a dat etc and moving from one folder to another for tests
etc....

UAC is an excellent thing IF we could have levels to select from to adapt to our "level" of need or knowledge etc....

When talking of "before" I mean two months back - here again - when I was under 2003 ie a "non-protected" OS (no UAC - not talking of anything else of course)

Your role as an "explainer" is VERY valuable for me (and I hope for others too) because you DO have knowledge many many do not have and I at least want to thank you for
letting us "in" those levels of your knowledge

And you are correct I should NOT have interfeered as after all ..... personal preferences are NOT in relation here

Sorry


Well anyway - I am starting to think when I see how users here or there use their computers - that indeed UAC and protected areas is maybe a good thing to impose on them

You know ... what I am simply trying to say is rather simple and a more 'elevated' thought then just all this : I know human beings love being taken care off but if they
leave "others" always impose "other's" way of thinking that will definitely "kill" all individualities and put them in "moulds"
and that is something I hate : do better tools and add protection etc BUT leave users DECIDE (and give them this possibility) on what and how to use the tool you offer them

Just like you did in SB with this excellent feature added - you take rules imposed and use your imagination and knwoledge to offer your users ways of working safely BUT
with also the facility to do what "they" want ;)




Cordialement - Best regards
Jean-Pierre GUTSATZ

CGF

DMC - Data Management Center
A tool to let you Migrate Import Export Transfer your Data
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" &
"Works with Windows Server 2008"

> If an application is not
> UAC-aware, I do not use it.

Except for Clarion<g>
--

Mark Riffey
http://www.rescuemarketing.com/blog/
If Guy Kawasaki and the staff of the Wall Street Journal,
Fast Company & Business Week read it, maybe you should too.

>> If an application is not
>> UAC-aware, I do not use it.
>
> Except for Clarion<g>
> --

Well, there is no rule without exception <g>

Friedrich

> As you probably know, User Account Control (UAC) is the Microsoft answer to
> reducing the privileges users run with by default in Windows Vista and
> Windows 7. Windows Server 2008 and Windows Server 2008 R2 also support UAC.

Friedrich,

I ran the RunNonElevated.exe install on the following OSs with standard
user accounts.

Vista Ultimate 32
Windows 7 Ultimate 64
Windows Server 2008 Standard 64

My results are the same as Wolfgang's screen shots for the standard users
accounts I used.

THIS is a very welcome feature! Thank you!

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

> THIS is a very welcome feature! Thank you!

Thank you, David!

We received more than 80 "success reports". So this new feature seems to
work rock solid. We'll make it available to the public in the new
SetupBuilder 7 beta build.

BTW, the "launch non-elevated" functionality will not be available in
SetupBuilder 6 because the enhanced SetupBuilder 7 compiler is required to
power that feature.

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

>> THIS is a very welcome feature! Thank you!
>
> Thank you, David!
>
> We received more than 80 "success reports". So this new feature seems to
> work rock solid. We'll make it available to the public in the new
> SetupBuilder 7 beta build.

Friedrich,

Congrats on a significant new feature to add to the SB7 arsenal!

>
> BTW, the "launch non-elevated" functionality will not be available in
> SetupBuilder 6 because the enhanced SetupBuilder 7 compiler is required to
> power that feature.

OK, that is good to know - With all these recent "Blockbuster Beta
Releases" - Windows 7, Clarion 7, SetupBuilder 7 (seems to be a trend in
the version number :-D) -

There is plenty of "Power Tool Experimenting" to satisfy even the most
cutting-edge type A personalities!

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
Profile Exchanges - www.encouragersoftware.com/profile/
http://www.profileexchanges.com/blog/

Hi Jean-Pierre,

Well, the problem is that I don't have any idea what other applications are
doing with my system. So I'd like to know beforehand if an application
needs full access to my machine. And I only give full access to
applications that are code-signed and come from a trusted vendor. But you
never receive all this very important information from your system because
you have UAC turned off.

On your machine, even an application that only requests the lowest available
privileges will get a Full Administrator Token and runs with High Integrity
Level Privileges (administrator execution level privileges). "Hey, I am
Jean-Pierre and I trust you so much that I give you more power over my
machine than you requested. Do whatever you want with my computer." <g>
Fortune favors the brave ;-)

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Friedrich,

The only difference if I may .... is that since long I took the habit of always installing any new app - soft etc on a virtual machine to test it and see if I want to keep
it or not
That virtual machine is every day reseted to a snapshot

Of course even like this I could get problems ....


But again you are correct and so am I (with our habits <bg>)

Cordialement - Best regards
Jean-Pierre GUTSATZ

CGF

DMC - Data Management Center
A tool to let you Migrate Import Export Transfer your Data
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" &
"Works with Windows Server 2008"

> Well, there is no rule without exception <g>

Absolutely (is that a rule?<g>)
--

Mark Riffey
http://www.rescuemarketing.com/blog/
If Guy Kawasaki and the staff of the Wall Street Journal,
Fast Company & Business Week read it, maybe you should too.

>> Well, there is no rule without exception <g>
>
> Absolutely (is that a rule?<g>)
> --

<G> :)

Friedrich

64-bit Vista pics attached

Jane Fleming

>
> 64-bit Vista pics attached
>

PERFECT!!!!!!!!!!

Thanks so much :)

Friedrich

Test finished. Successfully tested on more than 700 different machines and
UAC-aware operating systems.

Thank you for your help!

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner