I'm returning to an issue explored on n/g before - that of the best way
(under Vista) of enabling a program to directly access system-level
functions (e.g. system date/time set).

I had made the decision to just run the thing as Administrator (I think the
words "sod it" exited my lips <g>), and turned to Setup Builder to modify
the installer accordingly.

But when I reached (what I think is) the appropriate SB Help section re.
"embed Vista manifest", I hesitated, because the help seems to indicate that
I still haven't got the idea of this right!
I was thinking that I could just get SB to install my program with
Administrator privileges (regardless of the logged in user) ... but the help
says:

<quote>
Requested Execution Level

[in] Specifies the minimum execution level required by your application
for running on Windows Vista platforms. This parameter can be one of the
following values:

asInvoker- [etc]

highestAvailable- [etc]

requireAdministrator-Application runs only for administrators.
Recommended for administrator only applications.

The application should run only for administrators, must be launched
with a full administrator access token, and will not run correctly in a
standard user context. This requested execution level marking is reserved
for pre-Windows Vista applications that require the user to be a member of
the local Administrators group.
</quote>


Hmm.. now what I take that to mean is that even if I embed it with the
'highest' level (i.e. requireAdministrator), if the logged user who is
running my program does *not* himself have Admin status, then my program
will FAIL on those parts that require Admin (i.e. those very
system-manipulating parts of the program that I am trying to cater for)!!

In short: no matter how I embed the manifest, my program can not do any
system-level stuff unless the logged user has admin (or the admin password -
which defeats all security purposes).

Shorter: what I want CAN'T BE DONE....?

Steve

Steve,

First of all, the installer ALWAYS has to request administrator execution
level privileges, your own application should NEVER request those
privileges. You should only request "asInvoker" privileges.

If your application is running unelevated, it cannot perform any protected
system-manipulating parts in Vista/2008 (e.g. write the HKLM, Program Files,
set the system clock, etc.). If you set the manifest to
"requireAdministrator" for your application (not recommended) then
Vista/2008 will always display the elevation prompt. But after that you can
perform system-manipulating parts.

Does this help?

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> Does this help?

Not really <g>.. but you appear to be confirming what I posted.

> If you set the manifest to "requireAdministrator" for your application
> (not recommended) then Vista/2008 will always display the elevation
> prompt. But after that you can perform system-manipulating parts.

But the "elevation prompt" surely requires an Admin password!

Which goes back to it being IMPOSSIBLE to perform system-manipulations
wholly within a 'normal' user account.
Which breaks funcitonality in my app!

So I have to tell my (Vista) users that in order to get full funcitonality,
they MUST run my app in an Admin account (or know the Admin password, which
is the same thing).

This is *so* screwed.... !!!!!

Steve

(Sorry Friedrich.. you are just the bearer of bad news - but at least there
is knowledge and solid info on this n/g!)

> So I have to tell my (Vista) users that in order to get full funcitonality,
> they MUST run my app in an Admin account (or know the Admin password, which
> is the same thing).
>
> This is *so* screwed.... !!!!!

Now Steve...

You know that if Microsoft had wanted you to change things at a system
level they would have added your name to the list...

(sorry - I had to pour salt in the wounds<g>)

<VBG>


Charles



--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

Hi Steve,

>> Does this help?
>
> Not really <g>.. but you appear to be confirming what I posted.

<G>

>
> But the "elevation prompt" surely requires an Admin password!
>

Absolutely!

> Which goes back to it being IMPOSSIBLE to perform system-manipulations
> wholly within a 'normal' user account.
> Which breaks funcitonality in my app!
>
> So I have to tell my (Vista) users that in order to get full
> funcitonality, they MUST run my app in an Admin account (or know the
> Admin password, which is the same thing).
>
> This is *so* screwed.... !!!!!

And this behavior will not change in Windows 7. It's a permanent change to
the Windows OS.

BTW, if you try to manipulate the clock using the "Change date and time..."
Vista function, then you'll see the same elevation prompt. There is no way
around it (if UAC is enabled).

> (Sorry Friedrich.. you are just the bearer of bad news - but at least
> there is knowledge and solid info on this n/g!)

Thank you!

Friedrich

> Hmm.. now what I take that to mean is that even if I embed it with the
> 'highest' level (i.e. requireAdministrator), if the logged user who is
> running my program does *not* himself have Admin status, then my program
> will FAIL on those parts that require Admin (i.e. those very
> system-manipulating parts of the program that I am trying to cater for)!!

By the way, if you embed the 'highest' level (requireAdministrator) and the
user does not have the admin password, then your application will not only
fail on those parts that require Admin. Your program will not start at all!

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

Another quick note (not sure if the word "installer" in the following was a
typo):

> I had made the decision to just run the thing as Administrator (I think
> the
> words "sod it" exited my lips <g>), and turned to Setup Builder to modify
> the installer accordingly.
>
> But when I reached (what I think is) the appropriate SB Help section re.
> "embed Vista manifest", I hesitated, because the help seems to indicate
> that
> I still haven't got the idea of this right!

"Embed Vista manifest" does not change the installer manifest. It can be
used (at compile time) to embed a manifest into your application file(s).
The installer should always have a "requireAdministrator" manifest.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

I was referring to embedding a Vista manifest in my application.

Steve Bywaters

Steve,
I've seen similar misconceptions on these newsgroups.
A *program* does not have rights. (Well, that's not strictly true, but
valid for this discussion. Under Vista it has an "integrity level" that can
restrict its access even when run under an Administrator account.)
A program running as a service has the permissions of the account under
which its running... which may be specially created for it, or "system", or
another account.
A program started by a user has HIS permissions behind it.
If he can't write to HKLM, Program Files, etc., neither can a program he
runs.
requireAdministrator means your program requires an administrator to run it,
and will ask him for elevation each time it's run.

Jane

And it's a *rubbish* way to organise things!

Obviously (in my case for example), this prevents a program from running
with full functionality.

A better way would be that the program itself should have 'rights', which
would be set up at installation (via the installer) by an Administrator user
who had those rights, and acknowledged to the O/s (at installation) that the
program should inherit them - for all users.

Steve Bywaters