Menu
I am using Visual Studio 2008 to build an MSI install package. Within the install I have numerous custom actions. Within the OnAfterInstall custom action I attempt to start an exe which is deployed by the install. The exe starts ok, but runs within a security context of NT AUTHORITY\SYSTEM (i.e. under the elevated privileges granted to the Windows Installer process). I actually need the exe to run in the security context of the currently logged-on user who started the install in the first place. Does anyone know how to start the exe so it runs in this 'reduced' context. I really want to avoid having to ask the user for their login credentials if possible.
233
Open elevated Command Prompt. To do so, type "CMD" in Start menu or Start screen search box, and then simultaneously press Ctrl+Shift+Enter keys. Click Yes button when you see the UAC prompt. In the Command Prompt, navigate to the directory that the install file is located in and run the install file.
Right-click on it and select the “Edit with MSI Wrapper” option. MSI Wrapper will now open up and prompt you to select an output location. Just choose any location and then click on the “Build” button. MSI Wrapper will now create a new EXE file that can be installed without admin rights.
You need to use Remote Desktop Services API: http://msdn.microsoft.com/en-us/library/aa383464%28v=VS.85%29.aspx . It is available starting from WinXP.
This API allows you to run your application in context of any logged in user account. You need to be running as a SYSTEM to be able to use it. And you are. For instance you may enumerate sessions using WTSEnumerateSessions, then take user token by WTSQueryUserToken and run application using this token.
85
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
