This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Installing applications for Administrators
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Aug 30, 2007
10:05 AM
Installing applications for Administrators
I'm creating an install for a .NET application written in C# that comprises three .exe files; the main application shall be accessible for all users of the computer, the other two are tools that only members of the Administrator group shall be able to launch. We only support VersionNT > 400 operating systems (2000, XP, Vista).
Before Windows Vista, it was sufficient to populate the LockPermission table and give only the Administrator group full access over the tools I install.
With Vista's UAC I find that the only way to achieve something similar is to embed a manifest file into the tools' .exe files that contains a line like
Unfortunately, this addition to the manifest is ignored by Windows XP and the .exe files can be launched by any user.
Is there a unified way to ensure that only members of the Administrators group (XP and/or Vista) can launch an application? Probably it would be a good idea to code this directly into the assemblies; still the question is: how would you do it without changing the assemblies' code?
Regards,
Stoffi
Before Windows Vista, it was sufficient to populate the LockPermission table and give only the Administrator group full access over the tools I install.
With Vista's UAC I find that the only way to achieve something similar is to embed a manifest file into the tools' .exe files that contains a line like
Unfortunately, this addition to the manifest is ignored by Windows XP and the .exe files can be launched by any user.
Is there a unified way to ensure that only members of the Administrators group (XP and/or Vista) can launch an application? Probably it would be a good idea to code this directly into the assemblies; still the question is: how would you do it without changing the assemblies' code?
Regards,
Stoffi
(1) Reply
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Aug 30, 2007
12:00 PM
There is no such unified way that I'm aware of. Even the manifest you describe may or may not work in various UAC scenarios on Vista (although I think it will disallow running without, it may not allow the privilege increase you need). The simplest most fool-proof method I can imagine would be a correct programmatic probing of whether your application actually has access to the file. If it does not, it should then use ShellExecute[Ex] or equivalent with the "runas" verb to launch itself while requesting extra privileges. This works both on and before Vista.