Re: [WiX-users] Automatic updating an MSI installation underrestricteduser account

Fri, 15 Sep 2006 02:55:44 -0700

Hi,
 
You might use a special user account with just enough rights to install your application, with just the correct amount of rights in the registry.
Then run the service described on this user.
By adding impersonation tricks you might be able to switch to the user context and use the HKCU and profile settings from that user.
 
I this this is a nice workaround (i am not using it, but it should do the trick)
 
The user can be created from within your installer MSI (since it is run as administrator) and all the specific rights can be arranged also.
 
Just my thoughts ;)
 
Greetings,
 
 
Albert van Peppen
 

Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Jason Swager
Verzonden: vrijdag 15 september 2006 4:29
Aan: Bob Arnson
CC: Wilson, Phil; wix-users@lists.sourceforge.net
Onderwerp: Re: [WiX-users] Automatic updating an MSI installation underrestricteduser account

Yep - I fully agree.  But when the customer requires this in an application - what else can you do?  Privelege escalation is a definite worry.  In my solution, I used named mutexs and encrypted memory mapped files using public/private key encryption via Windows CryptoAPI to trigger the installation.  A bit of of overkill in this case, but it was a good exercise.

Bob Arnson <[EMAIL PROTECTED]> wrote:
Jason Swager wrote:
> This approach has some drawbacks. First, the possibly extra service
> running all the time.
Which is a source of potential security holes, especially privilege
escalation as it's running 100 percent of the time as local system. It
works, but it's a sledgehammer of a solution.


--
sig://boB
http://bobs.org


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Reply via email to