Old 28th July 2010, 19:24   #1
aerDNA
Senior Member
 
aerDNA's Avatar
 
Join Date: Feb 2007
Location: Rijeka, Croatia
Posts: 225
Request execution level at runtime

The LUA principle enforced by UAC may be fine in theory but in practice it may be difficult to predetermine the set of privileges a program will need because it can depend on specific external factors which can only be detected at runtime. Since a program can only state required privileges passively, through a manifest, it must request admin rights if there's even a single possible scenario in which it might need them. A typical installer will actually need admin rights so this is not a big issue but I tend to create atypical ones. There's the UAC plugin, which is great but not exactly what I needed so I put some code together that allows for the installer to run restricted, examine the target system and then elevate if needed. Elevation is achieved by reexecuting the installer using the runas verb with ShellExecute, which overrides the manifest. This method is also used for limited accounts, in which case it pops up the account selection dialog (RunAs.exe GUI) instead of UAC prompt - same behavior as using RequestExecutionLevel Admin but better because account selection will also be available in XP/2k. We can also deny the possibility to run as a different user if there's a reason for it. Another plus is that it might be considered a nice thing if the installer first explains to the user that it needs admin rights and why, instead of pesky UAC prompt being the first thing he sees.
The script may seem more complex than it should be but that's because I tried to cover all the angles; I think I succeeded and it tested ok (xp/win7) but it's possible there are faults in it and/or my reasoning, so feedback is more than welcome.
Attached Files
File Type: nsi Elevator.nsi (5.1 KB, 296 views)

PostEnd:
aerDNA is offline   Reply With Quote
Reply
Go Back   Winamp & SHOUTcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump