[RESOLVED] Run as Administrator Vista Privileges

[jemidiah]

Problem: how can I get my program to write to Program Files without making a Vista user (we can assume they're an administrator if needed) take any extra steps? Literally nothing changes on their part, no dialogs, no property changes, nothing.


Background: years ago to learn VB and programming in general I wrote this app. It ended up being worthwhile to sell, but now I have a rather poorly written (though quite usable) program with a number of users. With Vista becoming more and more prevalent, my users will eventually switch over, and I want the program to at least run with little to no hassle. (I'll almost certainly have to rewrite it in a few years if it's life cycle lasts that long, but that's a ways off.)

One of the things I did was write to the program's directory. In context it's actually quite logical; they're files that the user should never see, and sticking them in say My Documents would be potentially dangerous. These users are pretty computer illiterate, hence me wanting to save them every hassle; some know just enough to be dangerous, so the files should be in a place they'd never go on their own. Right now it's not worth it to change my program's directory structure, so I'll have to somehow get the program to write to its directory without hassle on their end.


What I've got so far: I searched for a while but information seemed sketchy at best about how to programmatically increase privileges. I can't test any of it myself because I don't have Vista. I would be inclined to say it can't be done as a security issue, except that InnoSetup seems to have done it. I was troubleshooting the first installation of this program on Vista over the phone and had them run a setup I sent, and they didn't say anything about access privileges even though that setup overwrote something in Program Files.

Right now I'm just having them Run as Administrator each time they launch the program. I would have them set Always Run as Administrator, but I'm not sure what happens when that shortcut or exe gets updated/replaced by a newer copy, and this is a patch at best. I found some things that mention you can request higher privileges with a Manifest file, but that a prompt will come up with that option.

So... I'm hoping there's some magical way for me to do this. I guess if worst comes to worst I can dig for an option in Inno that lets me reset the program to always run as administrator upon installation/update, which would likely require a button press from the user (though maybe not, I can't test it without a significant hassle, i.e. getting them on the phone and trying out the new thing). If I can avoid this extra step and hassle, I'd like to.

Thanks!

[si_the_geek]

You should never have used the Program Files directory, it has always been off-limits for data files - the problem is that you (and presumably your users too) don't care about security, so log in to Windows as an admin/power user, and thus have write access (many people don't).

Instead the place you should store data files is the AppData folders, which are much more hidden than the Program Files folder.


If you want to do that, you can find code to detect the location here. It shouldn't be hard to change, the biggest part you'll need to do is move any existing files over from Program Files the first time the new version of the program runs.

[dilettante]

There is no magic. The purpose of UAC is to make it hard for malware to inject itself by overwriting legitimately installed EXE, DLL, etc. files and system registry keys silently. The UAC prompt is a warning, and almost all well written user software should not raise a UAC prompt during normal operation. If it must be elevated for some operations the program is supposed to display the UAC shield on the button, menu item, etc. that will initiate that function.

For guidance in updating applications that were not written for Least User Privilege you can see Developer Best Practices and Guidelines for Applications in a Least Privileged Environment which has links to developer information on the subject.

[jemidiah]

As I said in my explanation, I know writing to PF is bad, and I know I can change it. I also know it's not worth changing right now to hide a little dialog, and fix a security "hole" these users have been living with for years on XP without incident. I also know the purpose of UAC, but for my application it's unhelpful to be chided about ignoring it. Really I'm not that new at this....


Lemme redo my question then: how do setup programs write to PF? From my anecdotal evidence Inno doesn't require a security confirmation. Is this correct, and if so how is this achieved?

[dilettante]

What makes you think an Inno Setup package doesn't request elevation? Or are you talking about the packaging tool itself?

Yes, there is a way to bypass UAC on a per-program basis without installing any funky "starter" service, etc. Setting this requires elevation, so a user with no admin credentials can't do it anyway. Even so, I suspect it is the kind of thing we are not permitted to share here.

I'm not trying to give you a hard time, we've all been faced with the same thing.

[Joacim Andersson]

Setup programs run under a special "trusted installer" account.
You need to create a manifest file to elevate the privileges your application requires. This will cause a Vista dialog to popup when the user tries to start your application and they need to be administrators or log on as one to run your application.

Code:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 
   <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="MyApp" type="win32"/>
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator"/> 
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>

[jemidiah]

Joacim: assuming the user is logged in as an administrator, will that generate a security dialog when they start the program or no?


dilettante: sorry if I came off a bit short. I just put some time into my original post and believed I had already addressed the content of the first two replies, and it irked me a little more than it should have. Chalk it up to stress

As for why I think Inno doesn't need a confirmation, like I said it's anecdotal and the user might have simply said nothing when one came up (though I doubt it, they were pretty thorough in telling me what was happening over the phone). Also, it just seems weird that every installer would have a security dialog. If I put a CD in my drive, yes, I want it to install the program. I'd test it myself if I had access to Vista.

[Joacim Andersson]

Yes, you will get a security dialog and you can't avoid that. BTW, while you have UAC active: yes you will get a security dialog every time you start an installer as well.

[RobDog888]

If you are placing shared files in hte PF directory remember that File Virtualization will occur and give you either errors on accessing it (like file not found) or out of sync data if used by multiple users. The PF directory should be avoided for storing shared data at all costs.

[jemidiah]

ty for the heads-up Rob. Yeah, I've encountered that virtualization before. Was confusing as all heck when I wanted something unzipped into PF and it made magical folders instead.

ty for your answer as well Joacim. Thread resolved as well as it can be