Talk:UAC plug-in: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
mNo edit summary
(New experimental build; v0.0.7 + Minor cleanup)
Line 2: Line 2:


----
----


In a domain-based network it is important to provide credentials with standart "user\domain" form (as it is displayed into runas dialog and many other places in system).
In a domain-based network it is important to provide credentials with standart "user\domain" form (as it is displayed into runas dialog and many other places in system).
Line 24: Line 22:


[[User:Anders|Anders]] 16:26, 13 October 2007 (PDT) Fix now added to new build (v0.0.6c), old version can be found @ http://stashbox.org/43690/UAC%20v0.0.6b.zip
[[User:Anders|Anders]] 16:26, 13 October 2007 (PDT) Fix now added to new build (v0.0.6c), old version can be found @ http://stashbox.org/43690/UAC%20v0.0.6b.zip
----


new UAC build works very good in 'domain networks' enviroment! Thank you very much for developing!
new UAC build works very good in 'domain networks' enviroment! Thank you very much for developing!


----


* I found interesting new thing...How about members of 'Power users' group ?  
* I found interesting new thing...How about members of 'Power users' group ?  
Line 36: Line 34:


--[[User:Anders|Anders]] 20:59, 22 October 2007 (PDT) First off, the power users group is not really supposed to be used anymore. But, there is nothing in the UAC plugin that says you have to be admin(IIRC), you are already doing the admin check yourself in your .OnInit, you could call the UserInfo plugin instead of checking the "admin register" to allow power users (I'm not sure if this will work on Vista with UAC on, only admins are listed in the UAC dialog AFAIK. On pre Vista or UAC off, there should be no problems(This has never been tested, YMMV))
--[[User:Anders|Anders]] 20:59, 22 October 2007 (PDT) First off, the power users group is not really supposed to be used anymore. But, there is nothing in the UAC plugin that says you have to be admin(IIRC), you are already doing the admin check yourself in your .OnInit, you could call the UserInfo plugin instead of checking the "admin register" to allow power users (I'm not sure if this will work on Vista with UAC on, only admins are listed in the UAC dialog AFAIK. On pre Vista or UAC off, there should be no problems(This has never been tested, YMMV))
----
----
* Another interesting thing:  Perhaps this is outside your control but when you try to elevate your permissions using an Admin account which uses a blank password (i.e. "") there is a windows error that states the admin account must have a non blank password. -Brad (brad@jittr.net)
* Another interesting thing:  Perhaps this is outside your control but when you try to elevate your permissions using an Admin account which uses a blank password (i.e. "") there is a windows error that states the admin account must have a non blank password. -Brad (brad@jittr.net)
--[[User:Anders|Anders]] 03:20, 31 October 2007 (PDT) http://forums.winamp.com/showthread.php?postid=2189159#post2189159
--[[User:Anders|Anders]] 03:20, 31 October 2007 (PDT) http://forums.winamp.com/showthread.php?postid=2189159#post2189159
----
* New version, 0.0.7, with support for UAC::StackPush: http://stashbox.org/73759/UAC%20v0.0.7.zip (Has not been tested much, use with care!)

Revision as of 14:14, 20 January 2008

Awesome stuff. Used and approved.


In a domain-based network it is important to provide credentials with standart "user\domain" form (as it is displayed into runas dialog and many other places in system). Unfortunally used function CreateProcessWithLogonW() uses different form of this - "user@domain" :( So...we need a to deal with this and provide onthefly conversion. I suggest add this pice of code immediately before CreateProcessWithLogonW call (RunAs.cpp):

if(swscanf(wszUName, L"%s\\%s", wszDomain, wszUser) > 1) {

wcscpy(wszUName, wszUser);
wcscat(wszUName, L"@");
wcscat(wszUName, wszDomain);

}

...and #include <wchar.h>

--Anders 01:11, 25 September 2007 (PDT) RunAs.cpp is only used if the user is non admin,running on Vista with UAC off (And it is only there since the built in RunAs seems to be broken) I don't have a domain to test on, but I will try to look into this

--Anders 02:04, 25 September 2007 (PDT) Is "\\machine\user" a legal credentials form? what about "\\domain\user"? Please try test build @ http://rapidshare.com/files/58108814/UAC_v0.0.6c_TestBuild.zip.html and report back

Anders 16:26, 13 October 2007 (PDT) Fix now added to new build (v0.0.6c), old version can be found @ http://stashbox.org/43690/UAC%20v0.0.6b.zip

new UAC build works very good in 'domain networks' enviroment! Thank you very much for developing!


  • I found interesting new thing...How about members of 'Power users' group ?

According to MSDN documentation - members of this group have many available actions... for example register COM and ActiveX objects (regsvr32.exe my.dll ....), complete write access to 'programm files' directory... I think not all installers required *strictly* admin privelegues...

Maybe function who test for 'administrators' privelegue can test for 'power users' and indicate its presence ?

--Anders 20:59, 22 October 2007 (PDT) First off, the power users group is not really supposed to be used anymore. But, there is nothing in the UAC plugin that says you have to be admin(IIRC), you are already doing the admin check yourself in your .OnInit, you could call the UserInfo plugin instead of checking the "admin register" to allow power users (I'm not sure if this will work on Vista with UAC on, only admins are listed in the UAC dialog AFAIK. On pre Vista or UAC off, there should be no problems(This has never been tested, YMMV))


  • Another interesting thing: Perhaps this is outside your control but when you try to elevate your permissions using an Admin account which uses a blank password (i.e. "") there is a windows error that states the admin account must have a non blank password. -Brad (brad@jittr.net)

--Anders 03:20, 31 October 2007 (PDT) http://forums.winamp.com/showthread.php?postid=2189159#post2189159