As you probably know, User Account Control (UAC) is the Microsoft answer to
reducing the privileges users run with by default in Windows Vista and
Windows 7. Windows Server 2008 and Windows Server 2008 R2 also support UAC.
A typical problem are applications that are launched as part of an install.
It is very common to start an application at the end of the installation.
Unfortunately, the application is often started under the wrong user context
because the user provided elevated credentials to perform the installation
and the application is created with the elevated user token.
Let us assume, you have a "JoeUser" Standard User account under Vista.
Installation applications always run elevated -- an elevated process is
usually one that has been launched by someone with a Full Administrator
Token and runs with High Integrity Level Privileges (administrator execution
level privileges). If "JoeUser" starts the installation, UAC determines
that the Current User does not have a token of sufficiently high Integrity
Level and the Credentials Prompt asks the user to provide a username and
password of someone who has sufficient rights. Windows will then create the
necessary token for that user and uses it to elevate the process so you can
now continue with the installation. Please note that you are on a
completely different profile after the elevation. You have switched from
the "JoeUser" profile to the "Administrator" profile!
If you launch an application at the end of the installation now, the
elevated privileges are carried over to that application. But unless an
application is designed to be run only by system administrators, it should
always be run with the least privilege! In most cases, running an
application with elevated privileges on Windows Vista platforms is
discouraged.
Developers would like to start the application "non-elevated" at the end of
the installation process so it can perform configurations in the context of
the "original" Standard User. SetupBuilder 7 provides a solution to this
problem.
How to run the "Launch non-elevated" test?
------------------------------------------
Start the RunNonElevated.exe installer on a Standard User account under
Vista, Windows 7, Windows 2008 or Windows 2008 R2. A Credentials Prompt
asks the user to provide a username and password (see elevationprompt.jpg).
The setup will install a asInvoker.exe test application (this represents
your program!) which always runs with the least privileges. At the end
of the installation process, the installer gives an option to launch the
application.
Now comes SetupBuilder 7's magic into play. The "elevated" installer will
launch the asInvoker application with the "JoeUser" Standard User token
(non-elevated)! See attached nonelevated.jpg. The current profile is
"JoeUser" and the Privileges are "User".
Other installation systems would launch the application under the wrong user
context (Administrator). See elevated.jpg.
Please download and test the following code-signed test installer:
http://www.lindersoft.com/RunNonElevated.exe
The installer will automatically uninstall the application at the end of the
test.
If there is any problem, please let me know.
Thank you for your help!
Friedrich
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910
SetupBuilder "point. click. ship"
Create Windows Vista ready installations in minutes
-- Official Comodo Code Signing and SSL Certificate Partner