tags:

views:

864

answers:

4
+2  Q: 

C# setup project output automatically start with administrative rights

Hi,

i've created an setup project for a .net-application which works fine. The problem is, that the application begins to write log-files after startup and this requires administrative rights on windows vista and windows 7. I know there are some folders which i could use to write into without administrative rights. When i start the application as administrator, everything works fine.

I asked myself, if it's possible to change the setup project in visual studio in a way that the installed application automatically owns administrative rights on the target system?

Thanks for every help in advance!

Alex

+4  A: 

You don't want to do this. If it needs rights to a particular directory, then create an account that has them (or modify the subdirectory's rights so that anyone can access it). But don't run as admin just for one feature. Also, look into whether there's another directory you could be writing to, which you already have rights to.

Steven Sudit  2010-05-05 15:45:27
For the record, this was downvoted arbitrarily by someone who is unhappy with me.
Steven Sudit  2010-07-22 15:45:58
A: 

To answer your direct question, yes you can setup a launch condition for the setup project to require administrator, I believe this will take care of the proper escalation for you.

here is a thread with detailed instructions.

Now, to expand, I agree with Steven that you SHOULDN'T do this, at least not just to be able to write a log file.....

Mitchel Sellers  2010-05-05 15:45:36
That's an interesting answer, but I'm not sure if it matches the question. If I understand correctly, Alex would like the application to have rights to a log directory when it executes, while the link you posted is about ensuring that the setup program is run as admin. Now, in principle, the setup could take advantage of being admin by modifying the DACL of the log directory to expose it to all users, but while this might work, I would not recommend it.
Steven Sudit  2010-05-05 15:58:27
@Steven - I would agree, but this does get the poster the question what they want, with the application running as administrator, they can do what they need to do. I agree though that a different alternative should be done. Escalating for logging purposes, is not a "good" solution
Mitchel Sellers  2010-05-05 16:01:35
I think we're on the same page here.
Steven Sudit  2010-05-05 16:14:35
A: 

You could technically do this with a bad hack: The idea is to have the Setup program which runs elevated create a scheduled task that runs the program as admin.

Instead of directly creating a shortcut to your application, the setup creates an shortcut to execute this scheduled task.

See this as reference on how to do that manually: http://www.howtogeek.com/howto/windows-vista/create-administrator-mode-shortcuts-without-uac-prompts-in-windows-vista/

You just need to find a way to create the task programatically from your setup.

On the other hand, I totally agree with Steven too. Try to do it the 'right' way and don't trick the Windows security. It's a good thing and working around it makes the system potentially unsecure, and you don't want to be the one compromising tht Security of others computers.

Sebastian P.R. Gingter  2010-05-05 16:12:36
A: 

Thanks for the answers and hints!

Maybe I didn't describe my problem exactly. I don't need to check the user for admin rights for the installation procedure, I need the rights when I perform the application because the application writes a log file into the applications folder which needs admin rights (at least in Windows Vista and 7).

Of course it's not a good idea to trick the windows security. I just wanted to ask if it's possible in a proper way. As Steven Sudit wrote, the best way to write files during runtime is to use the folders which the current user has the rights to write into.

The suggestion above from Sebastian P. R. Ginter would work but as he said, it's a "bad hack" and it would compromise the security of the system. So I leave my hands off this solution ;-)

Many thanks once again!

Alex

Alex  2010-05-06 14:04:40
One other possibility is to create a subfolder as part of installation and change its DACL to allow Everyone access to it. The app still runs under a normal account, and you only expose the log subdirectory, not the directory that has the code.
Steven Sudit  2010-05-06 20:18:39
How exactly can I do that? I created a folder in my setup project (file system view -> application folder -> add folder). How can i now change the DACL? Couldn't find it. Or do i have to change that programmatically? Thank you very much!
Alex  2010-05-07 12:37:38
@Alex: Programmatically.
Steven Sudit  2010-05-11 17:09:46

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?