If you have a service configured to run as an administrator, the administrator's password is stored as an LSA secret in the registry (in the SAM hive, as I recall). It is encrypted but the decryption key is in there too. However, if someone is able to steal the SAM hive to crack it offline - which they can only do by already knowing the administrator password or by physical access to the machine - then they can crack all the passwords in it.
I'd be happier seeing the Windows Data Protection API used to store the administrator's credentials, available as of Windows 2000. See CryptProtectData in the SDK. If you must use a service, install the service as manual start and use a <Permission> element under <ServiceInstall> to allow the service to be started and stopped by a non-privileged user. Then start the service to perform the upgrade and stop it when you've finished (or perhaps have it stop itself?) This is the technique that Windows Installer itself uses. -- Mike Dimmick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Arnson Sent: 16 September 2006 20:00 To: Jason Swager Cc: Wilson, Phil; wix-users@lists.sourceforge.net Subject: Re: [WiX-users] Automatic updating an MSI installation under restricteduser account Jason Swager wrote: > But that was shot down on the principle that having the admin creds > ANYWHERE on the system in ANY fashion was unacceptable. But a 24/7 localsystem service is?<sigh> Dilbert was right...<g> -- sig://boB http://bobs.org ------------------------------------------------------------------------ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
