jvlad
Posts: 5
Joined: Wed Jun 20, 2007 11:14 pm

VISTA & UAC / Elevation problems

Wed Jun 20, 2007 11:41 pm

I'm looking for a MSI-based toolkit to create installers for my company products and AI looks promising. Yet, I can't find some crusial info regarding Vista/UAC in the manual. Yep, some basic explanations are there but real-life problems are much deeper.

Let's consider the following scenario.
1) UserA installs my software. Its destination folder is \Program Files\MyCompanyName\MyProductName. Since installer is Vista-aware, it tells OS that it requires Admin privileges (otherwise it won't get write permissions to write to Program Files). In other words, Vista will run this software elevated. Another reason it has to be elevated is because it contains some COM objects and therefore needs write permissions to HKCR and HKLM.
2) Software being installed intensively uses two things on per-user basis: registry values under HKCU and its own subdirectory that it creates in the user profile. In other words software has to be run under regular user credentials (UserA in our case) except the case when it registers itself as a COM object in other words when it runs with -RegServer/-UnregServer argument it needs admin rights.
3) Installer I want to create should be friendly and let user launch software at the final step.
4) Uninstaller should remove/cleanup all the things the installer and software created.

Now the questions:
-Will installer created with AI run software under UserA credentials at the final installation step (see p3)? I have some doubts because installer runs elevated (with admin privileges).

-How to tell uninstaller where to look for HKCU entries created by software? I can't just tell HKCU because it will be admin's HKCU in this case, since uninstaller is elevated too. It's more appropriate to scan all HKU, but it's not clear how to do this.


-How to tell the uninstaller where to look for subdirectories the software created in user profiles? It's my undestanding that if I leave it by default it will try to delete subdirectories in Admin user profile because uninstaller will be run elevated. It's more appropriate to scan all user profiles but it's not clear how to achieve this.

-jv

gigi
Posts: 2103
Joined: Tue Apr 11, 2006 9:55 am
Contact:  Website

Fri Jun 22, 2007 9:19 am

Hi,
Will installer created with AI run software under UserA credentials at the final installation step (see p3)? I have some doubts because installer runs elevated (with admin privileges).
If your package requires administrator rights then set the "Installation Type" in the "Install Parameters" page to "Per-machine only...".

If you use "Finish Actions" under "ExitDialog" to run your application and your package is a MSI then your application will run as normal user. If your package is EXE and runs elevated (in the "Media->Bootstrapper" page see the "Execution Level" option) then your application will run elevated.
How to tell uninstaller where to look for HKCU entries created by software? I can't just tell HKCU because it will be admin's HKCU in this case, since uninstaller is elevated too. It's more appropriate to scan all HKU, but it's not clear how to do this.

-How to tell the uninstaller where to look for subdirectories the software created in user profiles? It's my undestanding that if I leave it by default it will try to delete subdirectories in Admin user profile because uninstaller will be run elevated. It's more appropriate to scan all user profiles but it's not clear how to achieve this.
This can be done by using a custom action but this is not an easy job. Think that an user (even if it's an administrator) can not delete other user files, needs to be owner in order to delete them.

If you create a custom action for this then note that you need to set "Deferred with no impersonation" as "Execution Options" in order to run the custom action in the system context.

Regards,
Gigi
______________
Gheorghe Rada
Advanced Installer Team
http://www.advancedinstaller.com

jvlad
Posts: 5
Joined: Wed Jun 20, 2007 11:14 pm

Fri Jun 22, 2007 4:52 pm

thanks for your prompt reply.
If your package is EXE and runs elevated (in the "Media->Bootstrapper" page see the "Execution Level" option) then your application will run elevated.
I need to create all-in-one package, therefore it will be exe with msi built-in. Am I correct assuming that this is possible?
And of course I'd need application to be run with original token (non-elevated).
Think that an user (even if it's an administrator) can not delete other user files
I believe that administrator can delete other user files because they all have Full Control for Administrators group on the access rights page.
If there is no Full Control, I'd not care if they remain non-deleted after uninstall :)
If you create a custom action for this then note that you need to set "Deferred with no impersonation" as "Execution Options" in order to run the custom action in the system context.
Looks promissing. But how to enumerate all users in HKU? and how to enumerate the profiles?

Thanks for your answers.
-vlad

gigi
Posts: 2103
Joined: Tue Apr 11, 2006 9:55 am
Contact:  Website

Mon Jun 25, 2007 10:11 am

Hi Vlad,
I need to create all-in-one package, therefore it will be exe with msi built-in. Am I correct assuming that this is possible?
And of course I'd need application to be run with original token (non-elevated).
Yes, this can be done in the "Media->Bootstrapper" page ("Include install files in EXE" option). And your application will run with the token inherited from the EXE package.
Looks promissing. But how to enumerate all users in HKU? and how to enumerate the profiles?
You can create a custom action that enumerates the users on the target computer and delete files from their profiles. Here is a script example on how to enumerate users on the target computer:
http://www.prosygma.com/technet/prosygm ... counts.htm

Hope this helps,
Gigi
______________
Gheorghe Rada
Advanced Installer Team
http://www.advancedinstaller.com

jvlad
Posts: 5
Joined: Wed Jun 20, 2007 11:14 pm

Fri Jun 29, 2007 7:50 pm

Hi Gigi,
I'm sorry for the delay, I've fallen ill for a week.
Yes, this can be done in the "Media->Bootstrapper" page ("Include install files in EXE" option). And your application will run with the token inherited from the EXE package.
I'm sorry if I did not make my concerns clear.
Please, look, in my case 'setup.exe' is supposed to be run elevated (or it won't be able to perform its tasks for me). But, the installed application is supposed to run in non-elevated fashion at the final step of the installation process.
Is there a way to achieve this with AI?
I hope what I need is a bit clearer now :roll:

BTW there are rumors at the msdn blogs that elevated applications get two tokens. http://blogs.msdn.com/cjacks/archive/20 ... Vista.aspx

-Vlad.

jvlad
Posts: 5
Joined: Wed Jun 20, 2007 11:14 pm

Fri Jun 29, 2007 8:14 pm

some related info from the microsoft site:
Question: How is it possible to elevate an application to use Admin
Privilege?

Answer: Elevation can be:

a.. forced by the developer adding a manifest to the application.
b.. forced by the user with "run as administrator" command.
c.. forced by the developer for a component using the "Elevation moniker".


Question: how is it possible to understand if a user is currently running
with the filtered access token?

Answer: Use OpenProcessToken(GetCurrentProcess():) and
GetTokenInformation( : TokenElevationType: ); and check TokenElevationType:

a.. TokenElevationTypeDefault: The process user is not using a filtered
token (i.e. it is a standard user, or UAC disabled for the user).
b.. TokenElevationTypeFull: The process has a split token and is running
elevated.
c.. TokenElevationTypeLimited: The process has a split token and is
running as standard-user.


Question: how is it possible to read all of the access tokens associated to
a user (i.e. the filtered access token and the real user token)

Answer: use OpenProcessToken(GetCurrentProcess():) and GetTokenInformation.
To detect if the user has two tokens.

If you have 2 tokens and you are running with the filtered token, use the
ShellExecuteEx() or the elevation moniker to run a process with the
unfiltered token.

If you have 2 tokens and you are running with the unfiltered token, use the
ShellExecuteEx() to run a process with the filtered token.

gigi
Posts: 2103
Joined: Tue Apr 11, 2006 9:55 am
Contact:  Website

Mon Jul 02, 2007 3:03 pm

Hi,
But, the installed application is supposed to run in non-elevated fashion at the final step of the installation process.
Is there a way to achieve this with AI?
This cannot be done. If the EXE Bootstrapper runs elevated the application executable will run elevated. But we shall investigate this case to see if can be done. I add this on our TODO list.

Also why exactly you want to run the installed application non-elevated with the setup EXE elevated?

Regards,
Gigi
______________
Gheorghe Rada
Advanced Installer Team
http://www.advancedinstaller.com

jvlad
Posts: 5
Joined: Wed Jun 20, 2007 11:14 pm

Tue Jul 03, 2007 8:08 am

Also why exactly you want to run the installed application non-elevated with the setup EXE elevated?
because, otherwise application will work with Admin's profile and Admin's HKCU. If user launches the software next time, it will work with the user's profile and HKCU and therefore it will not see anything he/she has done in the first run.
Also, I'd mention that the application is not intended to run with elevation, except when it registers itself as a COM server and registers its file associations for windows shell.

Dan
Posts: 4513
Joined: Wed Apr 24, 2013 3:51 pm

Re: VISTA & UAC / Elevation problems

Thu Nov 22, 2018 1:52 pm

Hello,

Starting with the 15.2 version of Advanced Installer released on August 13th, 2018, the support to launch app without admin rights for predefined "LaunchFile" custom action has been added.

Basically, no matter if the installer is running elevated or not, the launched exe will always be launched without admin rights when the predefined LaunchFile custom action is used.

In case you need admin privileges for the .exe, then you enable the run as admin[/n] from the launch file custom action properties.

Best regards,
Dan
Dan Ghiorghita - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”