Grant Folder Access



NewsArchive
06-28-2013, 12:54 PM
Hi Friedrich,

Our application runs in a number of configurations:
1) Single, stand-alone (installed into one location)
2) Multiple (with a parent/child setup) installations - so parent has data
and programs, each child has programs, but points to same data
3) Multiple users, single program install - so install is on the parent, and
the children all have shortcuts to use this single install

In (2), we want the server to download an update - and install (more
details, but not necessary for this), then the children (once the parent has
completed the install) must run the update install (direct from the parent
location).

I'd like the child installs to run automatically in a UAC environment, so
the first time the install runs at the child, we assume an administrator
runs the install. From there on, the child app will run the install itself
(automatically) to update. I guess I'd use the "Set Access Control" to
accomplish this on a particular Program Files folder, but if you could
recommend the minimum amount of options to allow a non-admin user to run an
update install (which I'm hoping is the same as the master install, only
that the folder will already be created and have the necessary Access
Control settings). I'm thinking: Create Files / Write Data, Delete
Subfolders and Files, Traverse Folder / Execute File. Should I use anything
else?

Thanks

Geoff

NewsArchive
06-28-2013, 12:54 PM
Geoff,

I think if you run the installer (and updater) as elevated, then no
problem. Running the installed application should always be non-elevated.

--

Russ Eggen
RADFusion International, LLC

NewsArchive
06-29-2013, 05:20 AM
On 28 Jun 2013 12:13:41 -0400, Geoff Thomson wrote:

> I'd like the child installs to run automatically in a UAC environment, so
> the first time the install runs at the child, we assume an administrator
> runs the install. From there on, the child app will run the install itself
> (automatically) to update. I guess I'd use the "Set Access Control" to
> accomplish this on a particular Program Files folder, but if you could
> recommend the minimum amount of options to allow a non-admin user to run an
> update install (which I'm hoping is the same as the master install, only
> that the folder will already be created and have the necessary Access
> Control settings). I'm thinking: Create Files / Write Data, Delete
> Subfolders and Files, Traverse Folder / Execute File. Should I use anything
> else?

Hi Geoff,

There is no way to install ANY file into the Program Files folder (or the
Windows folder) unless the installer is running elevated. These are
folders protected by the UAC.

If your non-elevated installer tried to write there, Virtualization would
kick in and then your problems are just starting<g>. The same is true of
trying to write to the HKLM Registry node.

User access control has nothing to do with it in this case and would not
help you AFAIK.

The best you could hope for would be that the child installs are elevated
installers and if a non-administrator went to run one (by virtue of being
logged in when your automatic update ran), they would get a prompt for
elevation and could use an "over the shoulder" authentication by an
administrator level account.

But you're never going to be able to put any files (program or data) anywhere
under the Program Files directory without Virtualization kicking in.

That is just the way it is from here on out...

Welcome to UAC<g>.

Charles

Charles Edmonds

NewsArchive
06-29-2013, 05:20 AM
Geoff,

I'll upload a demo project soon...

Friedrich

NewsArchive
06-29-2013, 05:21 AM
Hi Geoff,

I have developed an "UAC Dirty Trick" project that demonstrates how to set
up an application which can be updated non-elevated. The initial install
requires elevation, all updates can be done non-elevated (even if UAC is
turned on).

Just for the record (but I know you are aware of this): This opens a
security hole the size of... a large security hole, so be careful where you
use this <g>.

My recommendation is to NOT use this "hack". I DO NOT RECOMMEND THIS TRICK
AT ALL <g>. I made this trick available to demonstrate the power of
SetupBuilder V8.

Okay, enough of the warnings...here we go.

Please download the following ZIP file (includes the two .sb8 demo projects
and four ASCII text files):

http://www.lindersoft.com/projects/UAC_Dirty_TrickV1.zip

1. UAC_DirtyTrick_Init.sb8

This project "initializes" the non-elevated update method. It's a standard
"requireAdministrator" setup that creates your folders, installs your files,
creates the registry entries, adds the uninstall, etc. And it "manipulates"
the Access Control List for a specific folder under the Program Files (x86)
tree.

This demo project creates "UAC_DirtyTrick" and "UAC_DirtyTrick\SubFolderB"
folders under Program Files. It installs two ASCII text files (FileA.txt
and FileB.txt). The contents of the files store a test text ('FILEA
Version 1.00' and 'FILEB Version 1.00').

You'll notice that the initial install will display an UAC elevation prompt.


2. UAC_DirtyTrick_Update.sb8

This project "updates" the application. The "UAC Execution Level" is set to
"asInvoker" and runs non-elevated by default. It updates the FileA.txt and
FileB.txt files. The contents of the updated files will be 'FILEA Version
1.10' and 'FILEB Version 1.10'. It will also update the uninstall .log.

You'll notice that the update will NOT display any UAC elevation prompt!

BTW, the uninstall (created at init stage) runs elevated and can remove all
required components.

NOTE: This method does also work in the latest Windows 8.1. But again, it's
not recommended and we (Lindersoft) do not support it!

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

NewsArchive
06-29-2013, 11:22 AM
My computer exploded. Dangit!

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.

NewsArchive
06-29-2013, 11:23 AM
Jeff,

> My computer exploded. Dangit!

In that case you don't have to worry about big red 1's all over!<g>

Lee White

NewsArchive
06-29-2013, 11:51 PM
>
> My computer exploded. Dangit!
>

I warned you...I WARNED YOU!!! :-)

Friedrich

NewsArchive
06-29-2013, 11:52 PM
Should have used a Mac! :-)

--

Russ Eggen
RADFusion International, LLC

NewsArchive
07-01-2013, 07:52 AM
Hi Friedrich,

I get the message.

I'm reticent to go the route of a backdoor, but then it's not practicable
to have an automatic install that can't "update" a child machine
automagically. I'm guessing that the security hole is essentially that
anyone can install an application (of the same name as my application) into
that folder? Or can they install anything with non-admin rights into that
folder?

Thanks very much for the tip. This is hugely appreciated.

Geoff

NewsArchive
07-02-2013, 01:37 AM
Hi Geoff,

> I'm guessing that the security hole is essentially that
> anyone can install an application (of the same name as
> my application) into that folder? Or can they install
> anything with non-admin rights into that folder?

Yes, if the sub-folder under the "Program Files" folder tree is not
protected by UAC then any program (even running non-elevated) can make
modifications. Without any notice or warning, it can replace your app or
modify the binary contents (e.g. to embed malicious code).

Of course, the same can happen if the sub-folder is UAC protected. But in
this case, an elevated running application is required and the end-user has
to approve the UAC prompt (and you cannot be blamed because it's his fault
<g>).

Friedrich

NewsArchive
07-02-2013, 03:46 AM
Hi Friedrich,

Thanks for the info. I'm guessing there's no way of doing it in a
"legitimate" way? How do FireFox, Chrome, et al, auto-upgrade themselves, or
do they also do the work-around (I prefer the euphemism to "ugly hack"
:-) )?

Geoff

NewsArchive
07-02-2013, 04:16 AM
Hi Geoff,

> Thanks for the info. I'm guessing there's no way of doing it in
> a "legitimate" way? How do FireFox, Chrome, et al, auto-upgrade
> themselves, or do they also do the work-around (I prefer the
> euphemism to "ugly hack" :-) )?

Only an elevated running process can update files in UAC protected areas. I
don't think that Google or Chrome ever made use of the non-elevated "trick"
to bypass UAC. There are other methods available (some tricks do not work
any longer in Win 8.1 or the latest Win7 security updates). For example,
you can (still) use Task Scheduler to run a program with the highest
available privileges and it will launch your UAC restricted update
application without any intervention from you. Of course, this might open
other security holes <g>. But it's another way to handle it.

But the recommended MS method is to let the operating system display the
elevation prompt.

Friedrich
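
An audit for the exposure discussed in this thread, as an added example that is not part of the original posts or of SetupBuilder: it lists folders under Program Files that a principal outside a trusted set can write to. The same check applies to the folder holding any updater that Task Scheduler launches with highest privileges. The function name Get-UserWritableFolder, the default root and the trusted SID list are assumptions.

```powershell
# Added example, not from the thread. Lists folders under a protected root whose
# ACL lets a principal other than the trusted ones create, change or delete files.
param([string]$Root = ${env:ProgramFiles(x86)})   # assumption: root to audit

# Well-known SIDs expected to hold write access under Program Files.
$trusted = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or tampering with installed files, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits some ACEs carry.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask        = [int]$writeRights -bor 0x50000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

function Get-UserWritableFolder {   # hypothetical helper name
    param([string]$Path)
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        # Skip folders whose ACL cannot be read by the account running the audit.
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to this folder itself.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Folder    = $dir.FullName
                Principal = $ace.IdentityReference.Value   # SID of the grantee
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-UserWritableFolder -Path $Root |
    Sort-Object Folder, Principal |
    Format-Table -AutoSize
```

The check reads allow ACEs only; it does not evaluate deny ACEs or folder ownership.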