Important! Because an activated User Account Control (UAC) on your
system some functions of XAMPP are possibly restricted. With UAC
please avoid to intall XAMPP to C:\Program Files (missing write
permissions). Or deactivate UAC with msconfig after this setup.
I was searching for any farther information, but nothing found. Does anybody know what exact problems might I have if I would install XAMPP on Program Files with enabled UAC (especially on Windows 8/8.1)?
Apache2, for example needs write access, which wont be granted by Windows for any program trying to write into the program files directory. Obviously for security reasons, otherwise a program could manipulate other programs.
I don't know exactly, why Apache needs write access, but I think it is because of the log files, which are contained in some sub-directories of the installation
Related
So I have made a program which copies some files from System32 on 32 bit machine while SYSWOW64 on 64 bit machine to another destination after the User accepts it. I have added an administrator manifest in it so it asks for admin privileges before starting. Is that necessary? I don't want to cook the Users brain by asking him every time for admin privileges. So does copying something from the above two locations need admin privileges?
Regards,
Reading files does not require admin permission, though writing does.
There are a number of implications of this:
If you install Apache, you can read the httpd.conf with notepad but saving fails unless you disable UAC.
You can copy a file from a system directory, but you cannot save a file to a system directory without asking via UAC.
BTW this is one of my biggest issues with UAC -- it means that things behave strangely and that writes can fail after you have already made changes, which can be very annoying if you come from a UNIX background and expect it to work something like sudo....
I've written a Win32 program that at regular intervals retrieves content from a dedicated server on the internet.
Sometimes the Win32 program itself needs to be updated. What I do is exit the said program and run a download-program which replaces the main exe I need to uopdate. This works for users running in Administrator mode but not other mode that has sufficent rights for most tasks. The program runs on it own directory which is not under "c:\Windows\program files\".
I've set a manifest file to no avail.
Is there a workable workaround solution for this (any)?
For security reasons you cannot place files in Program Files without admin rights. If you would be able to this you could in theory change Windows files and place malware as well.
Same goes for Linux and OSX systems.
However you could prompt the user for an Administrator password and gain the admin rights in that way.
You need your updater program to have admin rights. You achieve that by adding the requireAdministrator option in the requestedExecutionLevel section of the application manifest. You said that you have tried this to no avail. Well, you must have got something wrong because this is the solution. You just need to persevere until you get the manifest correct.
I presume that when you say that the [program is not under the Program Files directory you refer to the updater. If the program being updated is not under the Program Files directory then there would seem to be no obvious reason that the updater needs admin rights. If that is so then you need to investigate further.
Based on the assumption that standard users can't write directly to ProgramData on Vista and later, I'm creating a directory inside it and giving all users full control of that for my program's use. It works fine, but during testing I tried to run some test code as Guest (which is supposed to be restricted) and it successfully created the directory and granted the intended rights. I wasn't expecting that to work, when I've seen so many stories of that kind of thing not working. The same thing happens if I create a standard user account and run the program from there.
Has anyone else seen that behavior? It's not being virtualized, and it appears that the UAC awareness tweak to the program's manifest (I'm using VS2005 here) is working because I get errors when I try to write to System32 instead of a file in VirtualStore.
I would just let it go and count my blessings, but this software won't just be running on my machine and I'd like to make sure it'll work in other environments.
Users are able to write to the ProgramData folder, because rights to create files and folders are granted to Users by default:
The same is true on Windows 7. Likely also true on Windows Vista.
The default permissions allow non-admin users to create directories in ProgramData, so the observed behaviour is as-expected.
I'm currently working on my applications installer and I'm wondering where the executable files should be installed to in Windows 7.
If I'm installing as admin my executables files get put in C:\Program Files.
If I install my product as a normal user where should the executables be put?
Thanks in advance.
Which installer are you using?
MSI runs in elevated privileges. You can install your application in program files folder
Put the files in the user folder.
This will mean that the application is only available to that user.
You should probably store that in the AppData directry, as I saw you mention in reply to #ChrisF. Remember that the user can move this directory though, so I wouldn't point to it explicitly. There is an environment variable that you can grab, that only applies to the logged-in user, which is %AppData%.
Keep in mind that putting it in %AppData%/Roaming would follow the user across multiple machines on the same Domain and %AppData%/Local would just stay on the one machine.
The executables should be under Program Files, who's precise location may vary from installation to installation. This means that the setup should run elevated. If InnoSetup makes .msi files, they will request elevation. If it makes a file called setup.exe, it will also request elevation. If for some reason the exe has a different name, like GetStarted.exe, then you should hand create an external manifest (GetStarted.exe.manifest) and put in requireAdministrator for the requestedExecutionLevel which will ensure your installer requests elevation.
Regardless of how it requests elevation, if the user doing the install is an admin (eg you) they will just have to click consent. If they are not an admin they will need to get an admin to consent for them. After that the installer will be able to write to Program Files.
If it's important to you that non admins be able to install the app then have the executables go under the users profile - but that would not be my first choice. The protection given to Program Files means that users are less likely to find themselves with messed up copies of your application if you install it to the protected area.
I have a vb6 application. I am unable to carry out the following on a Windows Vista machine:
Register a .DLL from the Users directory
Start another .EXE
Write to a file in the Users directory.
How can I overcome these issues?
This is by design. Software is supposed to require admin rights for installation (including update/upgrades). You got away with it in XP because so many people ran as administrator. If you're registering a dll after installation, you're doing something wrong.
You should be able to do this without issue, but only with the same rights as the user that the current app is running under. What is this exe trying to do, and would a standard user normally have those permissions?
What specific folder in the user's directory? Again: a user should have write access to most of the their own profile, but not necessarily as much outside of that as you think.
You have access to write to the c:\users\ directory. Going to another users directory is a bit of a security problem that you're not going to work around.
As far as registering an assembly from a users directory... There is a directory under c:\users\\AppData\Local\assembly which you should have access to for temporary assemblies
Starting another exe is trivial... As long as it's installed in the normal \program files.. path.
It really sounds like maybe you need to reevaluate how your application works.
Some suggestions:
Move to Reg-Free COM where it can handle things (i.e. not for ActiveX EXEs, DCOM).
We'd need more information. This should be no problem unless there are permissions issues.
Users are not supposed to be creating files outside of their own profiles, CommonAppData, and application-defined locations (often on non-system drives). More information is required to give any really useful answer.