Automatically elevate Windows setup to admin mode - windows

We have a legacy desktop native app with a custom setup. The setup is signed and must be run as administrator. The current prod setup EXE, which was built and signed 5 years ago, is automatically elevated and run as admin on Windows 7 or 8. The setup we rebuilt now, which is also signed (with a different cert) and has the same name as the old one, is not automatically elevated to admin and therefore fails.
What makes Windows run the setup EXE automatically as admin?

Signing is not related to admin privileges, so don't worry about it in that respect.
To expand on Harry Johnson's comment (which is correct), early versions of UAC on Windows used to automatically elevate programs that looked like setup programs. I don't know the exact algorithm used, but programs with setup or install in the names or descriptions were elevated. That doesn't happen any more, and on UAC programs run by admins are not elevated unless they explicitly elevate with a manifest or a run as administrator.
Without knowing where that setup.exe comes from, if you build it, or if it comes with a version of a setup tool (Visual Studio?), it's hard to say how to fix it.
If this happens to be an MSI-based install then the MSI will ask for elevation if it's marked that way. It's not clear from the question which part of the setup requires elevation, but if it's setup.exe that actually does the install, then all of it needs elevation and it needs an elevation manifest.

Related

Workaround for 'Apps & features' in Windows 10 starting a single-user uninstaller elevated

When users try to uninstall their own single user installation (for example installed using lowestprivileges none and HKCU entries) with 'Add/Remove Programs' in the Control Panel, everything works fine (that is, non-admin users can uninstall their own non-admin installation).
However the uninstaller will be elevated, when users start it from 'Apps & features' (Windows 10).
This seems to be a known Windows 10 bug:
How to prevent uninstaller elevating for Standard Windows 10 user?
Is there a way to work-around this issue when the Inno Setup uninstaller is started from 'Apps & features'?
Link this NSIS Workaround for Windows uninstaller elevation bug.
You will have to do exactly what that NSIS hack does.
Find out what is the Windows GUI user (and assume that you should uninstall as that user). Alternatively, you can store the username into some file in the installation folder.
Re-execute the installer as that user. That hack uses StdUtils NSIS plug-in with its ExecShellAsUser function. Maybe the DLL can be used from Inno Setup. If not, you can at least reuse its code.
All this is imo too much to ask in a single question. If you have specific problems, consider asking more specific questions.
Simpler alternative would be to prevent the uninstallation, when executed as different user, and show a suggestion to the user to go to Control panel instead.
For a similar question, see Uninstaller trouble with standard Windows user.

How does Windows know I'm installing something?

It's a common practice to disallow users from installing programs without elevated privileges, especially in larger companies. When the user runs the installation executable (whether .exe or .msi), the user is prompted for these admin credentials before User Access Control will allow the installation. A lot of programs that require installation take advantage of the default Windows installer .msi packaging or something similar, but an executable file could perform all the same functionalities, right?
Is it this common installation-packaging solution that tells Windows, "Hey, I'm an installer. Something is being installed."? Windows isn't analyzing the actual behavior of the executable file, right?
If your question is about asking for admin credentials, that's normal behavior when an executable has a manifest that says it requires admin privileges. I guess that if you say your InnoSetup requires admin privileges it will include a manifest requiring elevation, and Windows will show the elevation prompt.
There is no such thing as Windows InstallShield, in case you are thinking that InstallShield is a Microsoft Windows product. InstallShield is a 3rd party product that in many cases creates an MSI file. MSI files are marked (when built) as to whether they require elevation or not. It's the summary information stream Word Count that says whether the MSI requires elevation to install or not:
https://msdn.microsoft.com/en-us/library/aa372870(v=vs.85).aspx
In the case of an .MSI, sure, Windows automatically knows you're installing something. I think your question is more along the lines of what about anything other than an .MSI? Windows has some heuristics built in that AFAIK are managed by the application compatibility team. They do things to detect what they think is a setup (like file name, process name, inspection of the summary information stream and so on) and perform various functions such as detecting a possible failed install, asking if it was an install and if it failed, and then performing application compatibility shims such as version lying and forced UAC elevation prompting.
You get to avoid this ugly world by authoring properly designed MSIs. :)
MSIs can be authored per-user or per-machine. Per-user installs won't ask for elevation by default. Per-machine installs will ask for elevation once they hit the InstallExecuteSequence.

Handling admin rights in mixed user/admin windows app

My MFC app usually runs with admin rights, however, there is one operation which needs admin privileges (activation of the software where the status must be saved to HKLM).
For now, I created two .exe files: The ordinary app and "Activation.exe" which must run as admin and has requestedExecutionLevel=requireAdministrator in the Manifest. The activation is started with a button which makes ShellExecute(Activation.exe).
However, both applications share lots of code so I would like to merge the two exe into one exe. But how do I make sure then that specific parts of the code are executed with admin privileges? This method should/must be compatible down to NT4.
One idea is to integrate the functionality of Activation.exe in the main exe using a switch (e.g. "myapp.exe -activate"). A small bootstrapper makes sure that it can only run as admin (requireAdministrator in Manifest) and does nothing more than ShellExec(myapp.exe -activate). But is this really the best way?
I don't know if it's the best way (no-one answered) but I did that now :) The bootstrapper has just requireAdministrator in the Manifest and does a ShellExecute to the main executable with switch "/Activate" ...
I would typically use a call to ShellExecuteEx with a verb of runas to launch any executable as administrator, even if it's manifested asInvoker.
Note that on systems where UAC has been disabled, the resulting launch may not receive administrator privileges; I believe this caveat also applies to the approach of launching an exe manifested requireAdministrator.

Running application with administrator privilege

I have made an application that copies the VB components to the system32 folder of Windows and registers those components with "regsvr32". It works well in Windows XP, but in Windows Vista and Windows 7 it can't perform its task without right-clicking the application .exe file and selecting "Run as administrator". Is there any code in VB that automatically allows the application .exe file to run as administrator?
To do precisely what you ask you can add an application manifest that specifies an execution level of "requireAdministrator" within it. However this means the application will always run elevated, and the user will also have to provide admin credentials or approve elevated execution for every run (UAC prompt).
Please just do things the right way.
I'm going to second Bob's excellent comment above and suggest that you use a tool like Inno Setup http://www.jrsoftware.org (it's free) to build a proper installer. One of the benefits of using a proper setup tool is that the setup application can request to the OS to run with administrative privileges without using external files and manifests to make that happen. The setup.exe that you build will have the necessary code built in to ask the OS for elevated privilege.
In Windows 7, we can go to the properties of the file or an application exe file and then the "Compatibility" tab. Then check "Run this program as an administrator".
It will force the application to be executed under the administrator privilege.
I used this and my problem was solved.

What actions will require UAC elevation in Windows?

I'm marking this as a community wiki because I'm not really looking for one complete answer. So if you feel like posting one or two things that will activate the UAC prompt instead of a comprehensive list then go ahead.
What actions in Windows will activate UAC? I'd like to avoid it as much as possible because my application doesn't need admin privileges. And I'm sure many other people want to avoid it.
Specifically, I would like to know if reading from the registry would activate it. Or writing to it?
You don't need to address the above question, just anything that will activate it is fair game.
It's really hard to Google anything about UAC because you get bombarded with articles about how to disable it. And I'd rather not have my application make the assumption UAC is disabled.
Nothing "activates" UAC.
If your application would fail to run as a standard user under Windows XP it will fail to run under Windows Vista or Windows 7 as a standard user.
What you are really asking is: what actions can a standard user not perform under Windows?
The things a standard user cannot do are pretty well known (they've been the same since Windows 2000). The main ones are:
modify anything in HKEY_LOCAL_MACHINE
modify anything in the Windows directory
modify anything in the Program Files folder
If you try to do any of those they will fail on:
Windows 2000
Windows XP
Windows Vista
Windows 7
Nobody should have been running as an administrator for day-to-day computer use. If your application did any of those bad things in Windows XP it would fail. The user would have to:
logon (or fast user switch) to an administrator
perform the administrative task
switch back to their real account
UAC is a convenience mechanism, allowing you to easily temporarily switch to an administrator. Nothing you do will "trigger" it; you have to make it happen.
If you know your code needs to modify a file in C:\Program Files\My App\Data, then you should add a button on your form that will trigger the elevation.
You then need to launch an (elevated) copy of your program, do the thing, and close.
I created a launch4j installer (an exe-wrapper for java programs) and named it "MyApp.exe". It doesn't need any admin authentication. It just runs fine without any UAC prompt.
BUT: If I rename this installer to "install.exe" or "setup.exe", the UAC icon appears and I get a UAC prompt when starting the installer.
Seems as if there are some "reserved words" in filenames that cause Windows to start a program with elevated rights (UAC).
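
The posts above describe two ways a setup program ends up elevated: an explicit `requestedExecutionLevel` in its manifest, or name-based detection of files that look like installers (the rebuilt setup.exe in the first question, the launch4j rename just described). The following build check is an added example, not code from any of the posters; it reports which of the two a given build depends on. The keyword list contains only the words mentioned on this page, and the function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keywords named in the posts above; the full Windows heuristic is not documented on this page.
INSTALLER_HINTS = ("setup", "install")

# Constructed sample manifest that requests elevation explicitly.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the declared requestedExecutionLevel, or None if there is none."""
    if not manifest_xml:
        return None
    for element in ET.fromstring(manifest_xml).iter():
        # Compare local names so any trustInfo namespace is accepted.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def elevation_basis(file_name, manifest_xml=None, description=""):
    """Say what a build's elevation depends on: manifest, name heuristic, or nothing."""
    level = requested_level(manifest_xml)
    if level is not None:
        return "manifest:" + level
    text = (file_name + " " + description).lower()
    if any(hint in text for hint in INSTALLER_HINTS):
        return "name-heuristic"
    return "none"


def builds_relying_on_heuristic(builds):
    """Return names of builds whose elevation is not stated in a manifest."""
    return [name for name, manifest in builds
            if elevation_basis(name, manifest) == "name-heuristic"]


if __name__ == "__main__":
    builds = [("setup.exe", None), ("setup.exe", SAMPLE_MANIFEST), ("MyApp.exe", None)]
    for name, manifest in builds:
        print(name, "->", elevation_basis(name, manifest))
```

A build that reports `name-heuristic` only gets a prompt as long as Windows keeps guessing from its name; one that reports `manifest:requireAdministrator` or `manifest:asInvoker` behaves the same whatever the file is called.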
