tags:

views:

361

answers:

2
+2  Q: 

Programatically raise user privileges

I have been maintaining an installation for a while but I am not really an expert. now I've been asked to come up with a solution for this:

Our software is always sold together with a computer as it has to be run in a very controlled environment. The installer needs administrative privileges to be executed. So far we had two different users, one with administrative rights and other one without. Our custumer service login as Administrator, install the software and restart the machine so that the user can access as a normal user.

Now we want the user to be able to install the software themselves but we don't want them to have access as an administrator because they can modify things it shouldn't be modified.

So, is there any way to programatically raise the user privileges during the installation and afterwards lower them back? The installer is made using InstallShield but we use vbscript to check some pre-requisites.

Thanks in advance.

+4  A: 

Check out CPAU. It allows you to create an encrypted command that will run the installation as administrator.

EDIT: This is a more comprehensive list of like tools.

itsadok  2008-10-30 09:46:09
+1  A: 

If you are looking for a toolkit to do this kind of thing, well, Microsofts MSI technology has this built in: Administrator access is required to install the initial MSI file, additional patches (MSPs I think) are digitally signed by the original MSI and are thus deemed safe - users can install them without requiring administrator elevation.

You can do the same thing: As part of your administrative install, install a service. The service can create a named pipe - that you explicitly give user ACLs to - or even just a socket or monitor a drop off folder that allows the user level code to communicate with the service code (running with SYSTEM or configured access). The service can then use its SERVICE or configured account level permissions to either impersonate an administrator, or do other tasks on the behalf of the user without EVER giving the user any kind of elevated permission - even temporarily.

Chris Becke  2008-10-30 10:20:28

related questions

Install-base of Java JRE?
Software Deployment in a Virtual Environment
Rails requires RubyGems >= 0.9.4. Please install RubyGems
Deploying a Git subdirectory in Capistrano
Any capistrano comparable for windows/.net?
Pushing out MSI files
Generic design for packaging of user changes for deployment
What's the best way to create ClickOnce deployments
What are some good SSH Servers for windows?
How Do You Secure database.yml?
Whats the best way to securely publish a site post build?
.net solution subversion best practices?
JRuby / Rack deployment
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
Issues with DB after publishing via Database Publishing Wizard from MSFT
How do I make a custom .net client profile installer?
What's the general consensus on supporting Windows 2000?
How do you deploy your SharePoint solutions?
ILMerge Best Practices
Error ADMA5026E for WebSphere Application Server Network Deployment
What is called a Node in a WebSpere Network Deployment
What is your favorite web app deployment workflow with SVN?
An executable Python app
Deploying SQL Server Databases from Test to Live