Why does install require ADMINISTRATOR account?
Why does install require ADMINISTRATOR account?
Why does the installer require Admin account? Not to be critical, but this is a VERY simple app that could easily be designed to run from a single Exe -- no install should be required at all ... and certainly not an install with Admin privileges.
Not only is this method a security risk (Admin-required installs allow access to secure system files), but it also prohibits your app from being used in ANY business setting without the explicit approval of the IT staff.
Therefore, I would suggest making this app "click-and-go" -- no install needed, and certainly one that does not require Admin access.
Not only is this method a security risk (Admin-required installs allow access to secure system files), but it also prohibits your app from being used in ANY business setting without the explicit approval of the IT staff.
Therefore, I would suggest making this app "click-and-go" -- no install needed, and certainly one that does not require Admin access.
unable to run under Limited User account (merged)
In relation to my other post, this app does not proper run from a Limited User account, even if it WAS installed under an Admin account.
Tested on Vista x32 SP1.
Error message as follows, being a Security violation attempting to access protected registry areas:
-----------------
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Security.SecurityException: Requested registry access is not allowed.
at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Electronics_Assistant.Registry.ReadKeyStr(String Subkey, String KeyName, String DefaultValue, Boolean AllUsers)
at Electronics_Assistant.fclsAssistant.frmAssistant_Load(Object eventSender, EventArgs eventArgs)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
The Zone of the assembly that failed was:
MyComputer
************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Electronics_Assistant
Assembly Version: 4.1.0.0
Win32 Version: 4.1.0.0
CodeBase: file:///C:/Program%20Files/Electronics%202000/Electronics%20Assistant/Electronics_Assistant.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
For example:
<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.
Tested on Vista x32 SP1.
Error message as follows, being a Security violation attempting to access protected registry areas:
-----------------
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Security.SecurityException: Requested registry access is not allowed.
at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Electronics_Assistant.Registry.ReadKeyStr(String Subkey, String KeyName, String DefaultValue, Boolean AllUsers)
at Electronics_Assistant.fclsAssistant.frmAssistant_Load(Object eventSender, EventArgs eventArgs)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
The Zone of the assembly that failed was:
MyComputer
************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Electronics_Assistant
Assembly Version: 4.1.0.0
Win32 Version: 4.1.0.0
CodeBase: file:///C:/Program%20Files/Electronics%202000/Electronics%20Assistant/Electronics_Assistant.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
For example:
<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.
-
- Site Admin
- Posts: 173
- Joined: Tue Jan 29, 2008 7:05 pm
- Location: Nottingham, UK
- Contact:
Re: Why does install require ADMINISTRATOR account?
Hi
Thanks for pointing this out, I'll have to see what can be done. The installation uses Inno Setup and simply copies the program and help files to the 'program files' foler, and creates start menu (and optionally desktop) shortcuts. It also checks if the required.NET framework is installed, and if necessary downloads it from Microsoft and installs it (this does require admin previledges). It doesn't create any registry entries - these are created by the program the first time it is run. Whilst the exe file will run without installation, past feedback and personal experience is that uses would rather the program installed itself and created shortcuts and an unistall entry. I'll see if there could be an option to 'insall for me only' under a limite account - placing the shortcuts in the user's account rather than 'all users'.
As you say the issue with running the software under a limited account seems to be due to with reading a registry key in HKEY_LOCAL_MACHINE. Most settings are stored on a 'per account' basis, but several, especially to do with registration, are stored for all users. This was a requested change from the 3.x versions, as previously each user would be prompted to register seperately, not desirable in a school environment when installed once and used by many different accounts. I'm sure I have, however, run under a limited account before, and there are plenty of corporate installations of Electronics Assistant, at least some of which must be on limited accounts.
I'll investigate if there is any way around this. In the meantime could you tell me if, after installing as admin, you ran the program once under admin, or switched straight to limited user before running it? Since most keys are written on the first run this may make a difference.
Thanks for pointing this out, I'll have to see what can be done. The installation uses Inno Setup and simply copies the program and help files to the 'program files' foler, and creates start menu (and optionally desktop) shortcuts. It also checks if the required.NET framework is installed, and if necessary downloads it from Microsoft and installs it (this does require admin previledges). It doesn't create any registry entries - these are created by the program the first time it is run. Whilst the exe file will run without installation, past feedback and personal experience is that uses would rather the program installed itself and created shortcuts and an unistall entry. I'll see if there could be an option to 'insall for me only' under a limite account - placing the shortcuts in the user's account rather than 'all users'.
As you say the issue with running the software under a limited account seems to be due to with reading a registry key in HKEY_LOCAL_MACHINE. Most settings are stored on a 'per account' basis, but several, especially to do with registration, are stored for all users. This was a requested change from the 3.x versions, as previously each user would be prompted to register seperately, not desirable in a school environment when installed once and used by many different accounts. I'm sure I have, however, run under a limited account before, and there are plenty of corporate installations of Electronics Assistant, at least some of which must be on limited accounts.
I'll investigate if there is any way around this. In the meantime could you tell me if, after installing as admin, you ran the program once under admin, or switched straight to limited user before running it? Since most keys are written on the first run this may make a difference.
Re: Why does install require ADMINISTRATOR account?
hi,
i ran it several times as Admin before switching to L-U account.
On a separate note, there is a very useful "unique" calculator on this web page:
http://www.bcae1.com/srsparll.htm
Towards the bottom of that page, there is a calculator that calculates the current & power & voltage thru parallel resistors with a series resistor. I actually had this scenario right now, and this type of calculator saved me a lot of time by not needing to do the math manually, especially good for calculating the wattage requirements if you were adding a resistor in parallel with an existing one. Something to consider for a future update, and probably can be implemented quickly.
i ran it several times as Admin before switching to L-U account.
On a separate note, there is a very useful "unique" calculator on this web page:
http://www.bcae1.com/srsparll.htm
Towards the bottom of that page, there is a calculator that calculates the current & power & voltage thru parallel resistors with a series resistor. I actually had this scenario right now, and this type of calculator saved me a lot of time by not needing to do the math manually, especially good for calculating the wattage requirements if you were adding a resistor in parallel with an existing one. Something to consider for a future update, and probably can be implemented quickly.
-
- Site Admin
- Posts: 173
- Joined: Tue Jan 29, 2008 7:05 pm
- Location: Nottingham, UK
- Contact:
Re: Why does install require ADMINISTRATOR account?
Hi
Thanks for that, I'll add it to the 'to do' list. It might not make the next release at the rate I am going (hoping for a new release soon) but I'll see.
I've investigated the admin problem, the solution seems to be to store settings in a file (probably XML) in the user & commom application data folders - these seem to be writeable under a limited user account. I don't use vista but have been testing on a machine with windows 7 beta under a limited user account.
Inno setup, used for the installation, unfortunately doesn't support 'install for all users / for me only' option at present. I could make the setup run with limited privileges, but it would only create shortcuts for the current user, not all users, something people (particularly education users) have requested in the past. Hence the install will probably have to stay as admin for the moment, although I could perhaps have a second version for limited users, or simply a zipped set of files without an installer.
Do you know if, when running the installation, vista UAC prompted to enter an admin password, or did it simply give an error and fail?
Thanks for that, I'll add it to the 'to do' list. It might not make the next release at the rate I am going (hoping for a new release soon) but I'll see.
I've investigated the admin problem, the solution seems to be to store settings in a file (probably XML) in the user & commom application data folders - these seem to be writeable under a limited user account. I don't use vista but have been testing on a machine with windows 7 beta under a limited user account.
Inno setup, used for the installation, unfortunately doesn't support 'install for all users / for me only' option at present. I could make the setup run with limited privileges, but it would only create shortcuts for the current user, not all users, something people (particularly education users) have requested in the past. Hence the install will probably have to stay as admin for the moment, although I could perhaps have a second version for limited users, or simply a zipped set of files without an installer.
Do you know if, when running the installation, vista UAC prompted to enter an admin password, or did it simply give an error and fail?
Re: Why does install require ADMINISTRATOR account?
Regarding UAC, ...unknown. I have that disabled -- it is unnecessary when proper accounts are setup correctly. I stick with old-fashioned proper account usage -- Admin account for necessary installs and system administration, and a Limited Account for 99.99% of all PC usage.
A zip download would be excellent -- many software is offered this way for this very reason. A plain Exe stored on the desktop is an easy as it gets. Of course, the error messages would still need to be resolved when running the app as a Limited User.
A zip download would be excellent -- many software is offered this way for this very reason. A plain Exe stored on the desktop is an easy as it gets. Of course, the error messages would still need to be resolved when running the app as a Limited User.
Re: Why does install require ADMINISTRATOR account?
Hi,
1) Just wondering whether you had a chance to offer a stand-alone "portable" version of your app?
2) Any thoughts of adding conversions to your app? (as a simple example, volts-to-millivolts, mfd to pfd, etc)
1) Just wondering whether you had a chance to offer a stand-alone "portable" version of your app?
2) Any thoughts of adding conversions to your app? (as a simple example, volts-to-millivolts, mfd to pfd, etc)
-
- Site Admin
- Posts: 173
- Joined: Tue Jan 29, 2008 7:05 pm
- Location: Nottingham, UK
- Contact:
Re: Why does install require ADMINISTRATOR account?
Hi,
When the next version is released there will be a zipped version without the installer. The current version would still need admin privileges to run since it writes to the 'all users' section of the registry. The next version stores settings etc. to XML files in the application data folders. This is done and working, but I still have other bits to do. I'd hoped to get a lot done over Christmas but was ill so didn't get as far as hoped. It should be out in the next month or so.
When the next version is released there will be a zipped version without the installer. The current version would still need admin privileges to run since it writes to the 'all users' section of the registry. The next version stores settings etc. to XML files in the application data folders. This is done and working, but I still have other bits to do. I'd hoped to get a lot done over Christmas but was ill so didn't get as far as hoped. It should be out in the next month or so.
Re: Why does install require ADMINISTRATOR account?
2 years later, deja-vu all over again. See original post in this thread.
-
- Site Admin
- Posts: 173
- Joined: Tue Jan 29, 2008 7:05 pm
- Location: Nottingham, UK
- Contact:
Re: Why does install require ADMINISTRATOR account?
Hi,
Most users prefer the convenience of an installation program to put the files in the correct place and create shortcuts. The installer also checks that the .NET framework is installed (admittedly less of a problem these days since most people already have this), and downloads if it required. I suspect that removing the installer would lead to lots of e-mails from users unable to get the program to run. Judging by the user database (200 registered installations of V4.2 in the first week, some from large corporations), the need for admin privileges doesn't seem to be a huge problem.
That said, I will look at providing a zipped version with just the EXE and help files, for those users who want to avoid the need for admin rights. The new version stores settings in XML files in the application data and program data folders, and doesn't use the registry, so there shouldn't be any rights problems actually running it.
Most users prefer the convenience of an installation program to put the files in the correct place and create shortcuts. The installer also checks that the .NET framework is installed (admittedly less of a problem these days since most people already have this), and downloads if it required. I suspect that removing the installer would lead to lots of e-mails from users unable to get the program to run. Judging by the user database (200 registered installations of V4.2 in the first week, some from large corporations), the need for admin privileges doesn't seem to be a huge problem.
That said, I will look at providing a zipped version with just the EXE and help files, for those users who want to avoid the need for admin rights. The new version stores settings in XML files in the application data and program data folders, and doesn't use the registry, so there shouldn't be any rights problems actually running it.