How to launch a program as as a normal user from a UAC elevated installer

views:

356

answers:

+1 Q:

How to launch a program as as a normal user from a UAC elevated installer

I'm writing an NSIS installer and the setup program elevates "as administrator" as needed on Windows 7 / vista. I need to run the installed program at the end of the install and don't want to launch it with the same privileges as the installer.

The regular NSIS exec commands run the child process with the same permissions as the installer.

There is a UAC plugin for NSIS, but the documentation on it isn't great and it seems v. new; I'd prefer not to use that plugin.

Ideally, I'm looking for a small .exe I can include that'll launch the target program without UAC elevation. Does this exist?

Any other suggestions?

Thanks!

+1 A:

You only have two options:

Uncheck and remove the run checkbox (When running on NT6+)
Use the UAC plugin (It is not that new, but it is a pain to use, so I would suggest you just go for the first option)

There is no external program you can use since it is impossible to get back to the original user from a elevated process (You can try, and get pretty close, but it will not get the correct user in every case)

Anders 2010-03-10 15:28:30

Option 1 is what we had chosen but this is not "ideal".Has Microsoft made it impossible to run a process "de-elevated"? It seems absurd to not have an API for that.I'm new to NSIS and don't know it too well so I"m not entirely sure how UAC will interact with the MultiUser.nsh script. So, that's another complication I'd like to not deal with.

KZ 2010-03-10 15:41:13

@KZ: Yes, it's impossible to launch a un-elevated process from an elevated one. The only workaround is to start with an un-elevated process, have it launch your elevated process, and have the elevated process communicate back to the un-elevated one when you want to launch something. That's what the UAC plugin does. I've been using it for many months without problems.

Daniel Stutzbach 2010-03-10 15:59:23

All right then, so back to option 1 and 2. I guess I'll get around to integrating the UAC plugin for a later build.Thanks for the help!

KZ 2010-03-10 16:25:49

I found the following, which could be wrappered into a a simple command line utility:

http://brandonlive.com/2008/04/27/getting-the-shell-to-run-an-application-for-you-part-2-how/

It only took about an hour to get that code working for my project, and it works flawlessly so far. ;)

Mordachai 2010-05-12 14:10:21

And if the user running the installer (RunAs/Secondary Logon) is not the same as the login user/explorer shell? There simply is no way to go back down that works in all cases!

Anders 2010-05-12 20:07:40

Why oh why did MS not give a direct method for doing this?! Bizarre! Since this will work in the typical case (end-user running our installer in elevated privileges mode), it'll work for us. But, sigh...

Mordachai 2010-05-13 15:14:42

ansaurus

tags:

views:

answers:

How to launch a program as as a normal user from a UAC elevated installer

related questions