UAC plug-in: Difference between revisions
From NSIS Wiki
Jump to navigationJump to search
(v0.0.8 test build) |
(→Info: Added link) |
||
(50 intermediate revisions by 16 users not shown) | |||
Line 1: | Line 1: | ||
{{PageAuthor|Anders}} | {{PageAuthor|Anders}} | ||
[[Category:Plugins]] | |||
[[Category:Deprecated]] | |||
<div style="border: 1px solid #404000; background-color:#FFFF80; color:#000; padding:0.5em;"><b>Note:</b>This plug-in is deprecated. It started out as a proof of concept in the early Vista days and should now be considered abandoned.</div> | |||
==Plugin Info== | |||
* '''Version:''' 0.2.4c (20150526) | |||
* '''Type:''' Runtime plugin | |||
* '''Character encoding:''' Ansi | |||
* '''Minimum OS:''' Win95/NT4 (Elevation on Win2000+) | |||
* '''Minimum NSIS Version:''' 2.45 | |||
* '''License:''' zlib | |||
* '''Download:''' <attach>UAC.zip</attach> | |||
==Info== | |||
This plug-in attempts to work around UAC installation problems on Win2000+. This plug-in allows your installer to operate with a user level process and an admin level process ([https://docs.microsoft.com/en-us/windows/win32/secauthz/administrator-broker-model administrator broker model]). This allows you to accomplish things that would otherwise be very difficult. For example, you can have an elevated installer instance launch another process as the user. | |||
It all started in [http://forums.winamp.com/showthread.php?s=&threadid=265780 this thread]. It has been field tested with good results. It is still definitely in the beta stage (i.e. use at your own risk). | |||
== | ==Basic Example== | ||
<highlight-nsis> | |||
/* | |||
Basic script for a all users/shared installer. | |||
It runs the installed application as the correct user... | |||
*/ | |||
!define S_NAME "UAC_Basic example" | |||
Name "${S_NAME}" | |||
OutFile "${S_NAME}.exe" | |||
RequestExecutionLevel user ; << Required, you cannot use admin! | |||
InstallDir "$ProgramFiles\${S_NAME}" | |||
!include MUI2.nsh | |||
!include UAC.nsh | |||
!macro Init thing | |||
uac_tryagain: | |||
!insertmacro UAC_RunElevated | |||
${Switch} $0 | |||
${Case} 0 | |||
${IfThen} $1 = 1 ${|} Quit ${|} ;we are the outer process, the inner process has done its work, we are done | |||
${IfThen} $3 <> 0 ${|} ${Break} ${|} ;we are admin, let the show go on | |||
${If} $1 = 3 ;RunAs completed successfully, but with a non-admin user | |||
MessageBox mb_YesNo|mb_IconExclamation|mb_TopMost|mb_SetForeground "This ${thing} requires admin privileges, try again" /SD IDNO IDYES uac_tryagain IDNO 0 | |||
${EndIf} | |||
;fall-through and die | |||
${Case} 1223 | |||
MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "This ${thing} requires admin privileges, aborting!" | |||
Quit | |||
${Case} 1062 | |||
MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "Logon service not running, aborting!" | |||
Quit | |||
${Default} | |||
MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "Unable to elevate, error $0" | |||
Quit | |||
${EndSwitch} | |||
SetShellVarContext all | |||
!macroend | |||
Function .onInit | |||
!insertmacro Init "installer" | |||
FunctionEnd | FunctionEnd | ||
Function . | Function un.onInit | ||
!insertmacro Init "uninstaller" | |||
FunctionEnd | FunctionEnd | ||
!insertmacro MUI_PAGE_WELCOME | |||
!insertmacro MUI_PAGE_DIRECTORY | |||
!insertmacro MUI_PAGE_INSTFILES | |||
!define MUI_FINISHPAGE_RUN | |||
!define MUI_FINISHPAGE_RUN_FUNCTION PageFinishRun | |||
!insertmacro MUI_PAGE_FINISH | |||
!insertmacro MUI_UNPAGE_CONFIRM | |||
!insertmacro MUI_UNPAGE_INSTFILES | |||
!insertmacro MUI_LANGUAGE "English" | |||
Function PageFinishRun | |||
Function | ; You would run "$InstDir\MyApp.exe" here but this example has no application to execute... | ||
!insertmacro UAC_AsUser_ExecShell "" "$WinDir\notepad.exe" "" "" "" | |||
FunctionEnd | FunctionEnd | ||
Section | Section | ||
SetOutPath $InstDir | |||
# TODO: File "MyApp.exe" | |||
WriteUninstaller "$InstDir\Uninstall.exe" | |||
SectionEnd | SectionEnd | ||
Section Uninstall | |||
SetOutPath $Temp ; Make sure $InstDir is not the current directory so we can remove it | |||
# TODO: Delete "$InstDir\MyApp.exe" | |||
Delete "$InstDir\Uninstall.exe" | |||
RMDir "$InstDir" | |||
SectionEnd | |||
</highlight-nsis> | |||
==Important Notes== | |||
# If you need to use the UAC plugin for the uninstaller as well, you will need to initalize the UAC plugin for the uninstaller, such as through un.onInit. | |||
# If you need to use the UAC plugin for the uninstaller as well, you will need to initalize the UAC plugin for the uninstaller, such as through un.onInit. | |||
# The outer/user process does not display any output as to what occurred. For example, if you have the outer/user process create a shortcut, and it fails, the inner/admin process currently visible will not display anything to indicate that a problem occurred. This is because the outer/user process does not yet communicate back to the inner/admin process. | # The outer/user process does not display any output as to what occurred. For example, if you have the outer/user process create a shortcut, and it fails, the inner/admin process currently visible will not display anything to indicate that a problem occurred. This is because the outer/user process does not yet communicate back to the inner/admin process. | ||
# When a standard or limited user supplies administrator information into the Run As dialog, you may experience permissions trouble with any extracted file. For example, if a Windows 2000 standard user supplies administrator info into the Run As dialog, and the NSIS installer extracts an .exe file, then trying to call that .exe through an Exec can fail. If this is a problem, you will want to use the [[AccessControl_plug-in|AccessControl plug-in]]. | # When a standard or limited user supplies administrator information into the Run As dialog, you may experience permissions trouble with any extracted file. For example, if a Windows 2000 standard user supplies administrator info into the Run As dialog, and the NSIS installer extracts an .exe file, then trying to call that .exe through an Exec can fail. If this is a problem, you will want to use the [[AccessControl_plug-in|AccessControl plug-in]]. | ||
Latest revision as of 14:32, 21 January 2022
Author: Anders (talk, contrib) |
Note:This plug-in is deprecated. It started out as a proof of concept in the early Vista days and should now be considered abandoned.
Plugin Info
- Version: 0.2.4c (20150526)
- Type: Runtime plugin
- Character encoding: Ansi
- Minimum OS: Win95/NT4 (Elevation on Win2000+)
- Minimum NSIS Version: 2.45
- License: zlib
- Download: UAC.zip (50 KB)
Info
This plug-in attempts to work around UAC installation problems on Win2000+. This plug-in allows your installer to operate with a user level process and an admin level process (administrator broker model). This allows you to accomplish things that would otherwise be very difficult. For example, you can have an elevated installer instance launch another process as the user.
It all started in this thread. It has been field tested with good results. It is still definitely in the beta stage (i.e. use at your own risk).
Basic Example
/* Basic script for a all users/shared installer. It runs the installed application as the correct user... */ !define S_NAME "UAC_Basic example" Name "${S_NAME}" OutFile "${S_NAME}.exe" RequestExecutionLevel user ; << Required, you cannot use admin! InstallDir "$ProgramFiles\${S_NAME}" !include MUI2.nsh !include UAC.nsh !macro Init thing uac_tryagain: !insertmacro UAC_RunElevated ${Switch} $0 ${Case} 0 ${IfThen} $1 = 1 ${|} Quit ${|} ;we are the outer process, the inner process has done its work, we are done ${IfThen} $3 <> 0 ${|} ${Break} ${|} ;we are admin, let the show go on ${If} $1 = 3 ;RunAs completed successfully, but with a non-admin user MessageBox mb_YesNo|mb_IconExclamation|mb_TopMost|mb_SetForeground "This ${thing} requires admin privileges, try again" /SD IDNO IDYES uac_tryagain IDNO 0 ${EndIf} ;fall-through and die ${Case} 1223 MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "This ${thing} requires admin privileges, aborting!" Quit ${Case} 1062 MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "Logon service not running, aborting!" Quit ${Default} MessageBox mb_IconStop|mb_TopMost|mb_SetForeground "Unable to elevate, error $0" Quit ${EndSwitch} SetShellVarContext all !macroend Function .onInit !insertmacro Init "installer" FunctionEnd Function un.onInit !insertmacro Init "uninstaller" FunctionEnd !insertmacro MUI_PAGE_WELCOME !insertmacro MUI_PAGE_DIRECTORY !insertmacro MUI_PAGE_INSTFILES !define MUI_FINISHPAGE_RUN !define MUI_FINISHPAGE_RUN_FUNCTION PageFinishRun !insertmacro MUI_PAGE_FINISH !insertmacro MUI_UNPAGE_CONFIRM !insertmacro MUI_UNPAGE_INSTFILES !insertmacro MUI_LANGUAGE "English" Function PageFinishRun ; You would run "$InstDir\MyApp.exe" here but this example has no application to execute... !insertmacro UAC_AsUser_ExecShell "" "$WinDir\notepad.exe" "" "" "" FunctionEnd Section SetOutPath $InstDir # TODO: File "MyApp.exe" WriteUninstaller "$InstDir\Uninstall.exe" SectionEnd Section Uninstall SetOutPath $Temp ; Make sure $InstDir is not the current directory so we can remove it # TODO: Delete "$InstDir\MyApp.exe" Delete "$InstDir\Uninstall.exe" RMDir "$InstDir" SectionEnd
Important Notes
- If you need to use the UAC plugin for the uninstaller as well, you will need to initalize the UAC plugin for the uninstaller, such as through un.onInit.
- The outer/user process does not display any output as to what occurred. For example, if you have the outer/user process create a shortcut, and it fails, the inner/admin process currently visible will not display anything to indicate that a problem occurred. This is because the outer/user process does not yet communicate back to the inner/admin process.
- When a standard or limited user supplies administrator information into the Run As dialog, you may experience permissions trouble with any extracted file. For example, if a Windows 2000 standard user supplies administrator info into the Run As dialog, and the NSIS installer extracts an .exe file, then trying to call that .exe through an Exec can fail. If this is a problem, you will want to use the AccessControl plug-in.