3

I have an MSI that needs to run with administrator permissions. This installer will do some admin stuff, and eventually put a shortcut on the user's desktop. When I set the installer to "Run as Administrator", the MSI actually runs under the profile of the admin account. The shortcut gets placed under the admin's Desktop and not under the user's Desktop.

Is it possible to run the installer with elevated permissions (not Run as Administrator) which will prompt for admin credentials, but still run the installer under the non-admin user's profile so the shortcuts, new folders, new files, etc. get placed in the non-admin user's location?

billoreid
  • 133
  • 6
  • As far as I know, 'run with elevated permissions' and 'run as administrator' are just different ways of saying the same thing. One thing that I do know, having worked on an installer, is that executables whose names contain 'setup' or 'install' (or the localized equivalent) will automatically be run with elevated permissions just because of what installers have to do. – RobH Nov 14 '14 at 17:31
  • "Run as Administrator" elevates the process and runs the process as another user. So yes, there is a difference, even as an Administrator user you have to elevate a process at times. – Ramhound Nov 14 '14 at 17:34
  • 1
    Why is a non-admin user trying run an msi which requires elevation? – kreemoweet Nov 14 '14 at 17:39
  • @Ramhound - So you're saying that elevating the process simply means running the process as another user which has admin rights? – billoreid Nov 14 '14 at 17:44
  • @kreemoweet - The software application can be run without admin rights, but installing everything the software needs requires admin rights. So I need an admin to do the install, but the user can run the software from his profile location. – billoreid Nov 14 '14 at 17:52
  • 1
    @billoreid Yes, it just happens that if the user is a member of the Administrators Group the "other user" it is running as is the same username and user profile. It is still considered "another user" and it has subtle side effects. For example mapped drives disappear for the elevated process, this happens because mapped drives are "per user" and because you are running as "a different user (even though it has the same username)" the mappings don't exist. – Scott Chamberlain Nov 14 '14 at 17:52
  • @billoreid - Where did I say that? I said "run as Administrator" which is what you said in your question is not the same as elevating the privilege of a process. One launches a process with elevated privileges as another user. The other elevates an already existing process using to the permissions of another user with higher permissions. They are similar but there is a difference between the two actions. – Ramhound Nov 14 '14 at 17:54
  • @Ramhound - That's what I thought, but how can that be done in Windows? How can I run a process with elevated permissions without running the process as another user? I guess I should change my title question to this since that's really what I'm asking. – billoreid Nov 14 '14 at 18:02
  • 1
    @billoreid - The user running the process would have to have those elevated privileges in order to elevate the process as that user instead of another user. – Ramhound Nov 14 '14 at 18:17

1 Answers1

1

You have two options you could visit.

  1. Find out if the MSI supports the ALLUSERS property, which would do just that: place shortcuts into all users' desktop. Probably the safest and fastest way to implement your deployment.
  2. Modify Aaron Margosis' MakeMeAdmin script, which temporarily adds a user to the "Administrators" group, and removes them as soon as the program launches. This requires two password entries, though: one by the Administrator and one by the user you just elevated to a local admin.

Hope that helps.

JSanchez
  • 1,682
  • 13
  • 10
  • #1 is what I would ideally like to do, but the installation really requires admin privileges since it installs other software and a Windows service. #2 looks like a very good option which would only require minimal involvement by an actual admin. – billoreid Dec 03 '14 at 15:57