Is there a way to check if an electron app is launched with the admin rights?
I only found electron-sudo lib to execute commands with admin privileges.
But I have multiple commands to execute and I do not want to prompt the user every time.
So how can I check if the app is started with admin privileges using electron ?
The best thing would be just to execute a command inside the software ex: .isAdminPrivilegesUsed (can be a script that is executed on Windows) that return true or false, and if false :
I will prompt the user that he has to restart the software with admin rights and close it
I checked into how to do this from Node and found this answer: How to know if node-webkit app is running with Administrator/elevated privilege?.
I checked into the answer, downloaded node-windows and tried it. The solution, however, brought up the UAC dialog and always responded with "The user has administrative privileges".
I dug into the node-windows code that handles the isAdminUser command and found that it tried to run NET SESSION and, if does not have privilege, tries to run it elevated causing the UAC dialog.
I pulled out the part that does the elevate and ended up with this snippet:
var exec = require('child_process').exec;
exec('NET SESSION', function(err,so,se) {
console.log(se.length === 0 ? "admin" : "not admin");
});
I tested this by running the application normally and with "Run as Administrator". The code above correctly displayed "not admin" when not run as administrator and "admin" when run as administrator.
This should work for the content of your .isAdminPrivilegesUsed method you referenced in the question.
You can now specify that an app should run with elevated privileges using the electron build tools:
electron-builder
Add the following to your package.json:
"build": {
"win": {
"requestedExecutionLevel": "highestAvailable"
}
},
highestAvailable or requireAdministrator available. For full details, see: https://www.electron.build/configuration/win.html#WindowsConfiguration-requestedExecutionLevel
electron-packager
When you call electron-packager add the following command-line parameter:
--win32metadata.requested-execution-level=highestAvailable
highestAvailable or requireAdministrator available. For full details, see https://electron.github.io/electron-packager/master/interfaces/electronpackager.win32metadataoptions.html#requested_execution_level
Note
These options make the program request elevated privileges rather than check whether the program is running with administrator privileges.
If you are using electron-packager, just add --win32metadata.requested-execution-level=requireAdministrator. Eg:
electron-packager app --asar=true --platform=win32 --arch=ia32 --win32metadata.requested-execution-level=requireAdministrator --overwrite
Not a direct answer to your question. Another option to solve this problem is to force the application to be executed as administrator.
This can be done by updating the manifest file for the application, one guide on how to do this with Electron is here: http://layer0.authentise.com/electron-and-uac-on-windows.html
A popular Electron app has a solution for this problem
https://github.com/microsoft/vscode
In the package.json file they have two useful dependencies:
https://www.npmjs.com/package/native-is-elevated
https://www.npmjs.com/package/#vscode/sudo-prompt
They check to see if permissions are elevated using native-is-elevated, and if not, prompt for an admin password using sudo-prompt.
You can read the source code for the process here:
https://github.com/microsoft/vscode/blob/8845f89c1e4183b54126cd629cd45c8f0f7549f2/src/vs/platform/native/electron-main/nativeHostMainService.ts#L491
I have created an example Electron app using this approach here:
https://github.com/kmturley/electron-runas-admin
Related
heroku : File C:\Users\mar\AppData\Roaming\npm\heroku.ps1 cannot be loaded. The file C:\Users\mar\AppData\Roaming\npm\heroku.ps1 is not digitally
signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
This is the error I'm getting. I've tried running "heroku -v" within the cmd and it works there so I know it was installed correctly. However, when I run the same command in visual studio I get the above error. I'm running visual studio code in admin mode and I installed heroku from admin mode as well.
I also enabled developer mode in my computer settings.
You need to set the execution policy regardless of whether you are running in administrator mode or not for PowerShell.
You can read more about this here
You can also see that it's throwing an error with regards to execution policy. The error basically means that windows could not verify the identity of the user that created the script and is blocking you from running it because it may be harmful (based on the fact that it could not verify the identity of the file creator).
This is just a counter-measure to prevent malicious scripts from running automatically.
If you want to run the script I would suggest running
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
and then running the Heroku commands. The above script removes restrictions on script executions on the current logged in user.
I am currently testing permissions as an administrator and need to test something as a standard user. There are ways to make standard users run as administrator, but I can't think of a way to run as a standard user as an administrator. If I were to remove my administrator rights, it would take awhile for IT to give me my admin rights back. Is there a better option that doesn't include setting up my dev environment as another user? I'm trying to run Visual Studio as a standard user, if that helps.
Thanks in advance
Create a file with the contents "filename.reg":
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT*\shell\forcerunasinvoker]
#="Run without privilege elevation"
[HKEY_CLASSES_ROOT*\shell\forcerunasinvoker\command]
#="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""
Run the file and apply registry changes, and then right click "Run without privilege elevation" on the file that needs to be tested. Found this solution from another thread! Thanks!
I need to run an AutoIt program with administrator privileges. I use #requireadmin while installing. Is that enough to run the program after install with administrative privileges without using #requireadmin or should I try something else?
You must use #requireadmin in the 2nd program because it is affects current script only.
When you install your program and it is run with admin privileges, you can create a scheduled task that has the "run with highest privileges" option set. Then later when your application is run without admin privileges it can run this task in order to gain admin privileges.
Search around for ObjCreate("Schedule.Service") or for task scheduler UDFs for how to do this. Also for examples and documentation for the task scheduler com object in windows here.
I am using NSSM (the Non-Sucking Service Manager) to install a windows service from a batch file like this
"nssm install C:\stash\runstash.bat"
but it throws:
"Administrator access is needed to install a service"
When I check user accounts in control panel, it shows that I am logged in with a User Name in the "Administrators" group.
Does anyone knows any possible reasons for this issue?
Thanks
You running it from command line, right? Then run with admin rights. There few possible ways:
right click on cmd shortcut, the run as administrator
execute cmd /admin
I believe you have UAC on on your PC, that's most programs run with user grant by defaul
I have a runnable jar file, that I start with
java -jar myFile.jar
on Windows. A customer stated that he had problems starting the application (which is this jar file wrapped into an executable). I have the suspicion that it has something to do with admin rights. So I'd like to run my jar file without admin rights for testing purposes (because this way I get the System.out/err which helps greatly for debugging).
I realize that I can just create a non-admin account and start the application there, but I'd like to know if there is a way to specifically start a jar from an admin account so that it doesn't have admin rights in the console. Or alternatively: Is there a way to open up a console that has no admin rights from an admin account?
The customer uses Windows XP, so this is the operating system that I can use. (Although if you know something in a newer Windows like Win7, I appreciate it if you would tell me too).
EDIT: To clarify: I am looking for something like this
java -jar -runWithoutAdminRights myFile.jar
or
start /runWithoutAdminRights java -jar myFile.jar
or a way to open up a non-admin console from an admin account.
The Runas command definitely looks like the way to go.
I believe the way to go about this would be to first check the trust level options available to you:
runas /showtrustlevels
You should get something like the following:
C:\Windows\system32>runas /showtrustlevels
The following trust levels are available on your system:
0x20000 (Basic User)
You would then take the value for "Basic User" and run something like the following to start java:
runas /trustlevel:0x20000 "java -jar myFile.jar"
You can follow the below steps:
Log in as the Administrator
Open the command line
Go to System32 folder (cd C:/Windows/System32)
execute: runas /user:computer_domain_name\user1 cmd
You will be asked to provide the user1's password. Afterwards a new command line opens with the user1's rights.
I have tried it and it worked.
In conclusion you can write a very simple batch which performs the steps 2,3,4 automatically so that when you click it, a command line will open with the rights of another user.
I hope this helps.
edit registry is best way to run jar file with administrator automatically.
is easy if you have setup for java application.
go to following path in registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
create a key(String Value) with following specification:
ValueName: java path+javaw.exe(example c:\program files\java\jre7\bin\javaw.exe)
ValueData: "WINXPSP3 RUNASADMIN"
Now All Jar Files Runs to Administartor