This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: Detecting Elevated Admin on Vista or Higher OS
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Apr 20, 2011
08:14 AM
Detecting Elevated Admin on Vista or Higher OS
We need to check if a user is an elevated Administrator if they run our install from the .msi file, meaning they are just double clicking on the .msi to install our product.
We have some custom actions that will fail if they are not elevated and run the .msi file by double clicking on it. If they run from the setup.exe they the UAC prompt will elevate them and all is well. So we just want to catch the ones that run just the .msi file.
We have the Install Condition set to look for Privileged, but again if they are an Administrator it passes this condition, so the install will continue, but if they are not elevated then some custom actions fail.
I saw the following article:
************************************************
"Determine if current user is an Administrator"
For older Windows Installer versions you can detect if the user which launched your installer is an Administrator by using the Privileged property. This property is empty for limited users and set to “1″ for Administrators.
However, because of the way the User Account Control (UAC) works in newer Windows versions, the Privileged property is also set for limited users on Vista and higher. Basically, from the Windows Installer point of view, any user can become an administrator through elevation. To solve this problem, starting with Windows Installer 4.0 a MSI can use the MSIUSEREALADMINDETECTION property to accurately determine if the current user is an administrator or not.
When setting the MSIUSEREALADMINDETECTION property to “1″, Windows Installer will correctly set AdminUser property based on the current user privileges. So make sure your package sets MSIUSEREALADMINDETECTION before using one of these conditions:
1. determine if the current user is an Administrator:
(Privileged AND (VersionNT < "600") OR ((VersionNT >= "600") AND AdminUser)
2. determine if the current user has limited privileges:
(NOT Privileged AND (VersionNT < "600")) OR ((VersionNT >= "600") AND (NOT AdminUser))
VersionNT is used to determine if the installer is running on Windows Vista or higher.
************************************************
Now it shows that you should set the MSIUSEREALADMINDETECTION property to 1 and then use the above conditions. Now are these correct? I thought the AdminUser property was for older versions and that we should use Privileged, but they use Privileged for OS < 600???
Has anyone used this property and conditions to halt the install if the user is NOT elevated?
Is this the correct way or is there a better way to detect this if the user is running straight from the .msi versus the setup.exe?
Thanks, and any help would be appreciated.
We have some custom actions that will fail if they are not elevated and run the .msi file by double clicking on it. If they run from the setup.exe they the UAC prompt will elevate them and all is well. So we just want to catch the ones that run just the .msi file.
We have the Install Condition set to look for Privileged, but again if they are an Administrator it passes this condition, so the install will continue, but if they are not elevated then some custom actions fail.
I saw the following article:
************************************************
"Determine if current user is an Administrator"
For older Windows Installer versions you can detect if the user which launched your installer is an Administrator by using the Privileged property. This property is empty for limited users and set to “1″ for Administrators.
However, because of the way the User Account Control (UAC) works in newer Windows versions, the Privileged property is also set for limited users on Vista and higher. Basically, from the Windows Installer point of view, any user can become an administrator through elevation. To solve this problem, starting with Windows Installer 4.0 a MSI can use the MSIUSEREALADMINDETECTION property to accurately determine if the current user is an administrator or not.
When setting the MSIUSEREALADMINDETECTION property to “1″, Windows Installer will correctly set AdminUser property based on the current user privileges. So make sure your package sets MSIUSEREALADMINDETECTION before using one of these conditions:
1. determine if the current user is an Administrator:
(Privileged AND (VersionNT < "600") OR ((VersionNT >= "600") AND AdminUser)
2. determine if the current user has limited privileges:
(NOT Privileged AND (VersionNT < "600")) OR ((VersionNT >= "600") AND (NOT AdminUser))
VersionNT is used to determine if the installer is running on Windows Vista or higher.
************************************************
Now it shows that you should set the MSIUSEREALADMINDETECTION property to 1 and then use the above conditions. Now are these correct? I thought the AdminUser property was for older versions and that we should use Privileged, but they use Privileged for OS < 600???
Has anyone used this property and conditions to halt the install if the user is NOT elevated?
Is this the correct way or is there a better way to detect this if the user is running straight from the .msi versus the setup.exe?
Thanks, and any help would be appreciated.
(3) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Apr 20, 2011
03:43 PM
SETUPEXEDIR property may be what you are looking for.
Tim Mayert wrote:
Is this the correct way or is there a better way to detect this if the user is running straight from the .msi versus the setup.exe?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Sep 01, 2011
01:18 PM
I'm dealing with the same issue. I want to prevent a non-admin from installing or uninstalling the software. I set MSIUSEREALADMINDETECTION to 1, and then check AdminUser. With UAC disabled this works fine (although Privileged is still set to 1). But if I have UAC enabled, when I run as a non-admin both AdminUser and Privileged are set to 1.
This also appears in the msi log right above where it sets those properties: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated
How can I reliably check if the user is an administrator?
This also appears in the msi log right above where it sets those properties: MSI_LUA: Setting MsiRunningElevated property to 1 because the install is already running elevated
How can I reliably check if the user is an administrator?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Sep 02, 2011
12:29 PM
AdminUser may have been used instead of Privileged in conditional statements, because the installer only sets the AdminUser property if the user is an administrator. The installer sets the Privileged property if the user is an administrator, or if policy enables the user to install with elevated privileges
