Can you do partial validation in the UI sequence then delegate the rest to a deferred CA? Deffered CAs will run as SYSTEM if Impersonate=no. MSDN has an example that demonstrates how to pass credentials to a deferred CA. Please see http://msdn.microsoft.com/en-us/library/aa372401(VS.85).aspx. One other option is to determine if the credentials will work by inspection rather than execution. Can inspect the database to determine if the specified user has access, without actually connecting to it? -Eric
> Date: Thu, 14 May 2009 10:38:20 -0500 > From: bphilp...@sqlsentry.net > To: wix-users@lists.sourceforge.net > Subject: Re: [WiX-users] UAC prompt on feature modification after > installation > > I'm currently using LogonUser. If I were to use SSPI I think I could > validate the account, but I also need to impersonate the user. The > reason is the service uses a connection string and I want to encrypt the > connection string using the data protection api (DPAPI). So, I log in as > the service account, impersonate, make sure I can connect to the > database with that account, create the connection string, encrypt it > using DPAPI, then revert to the original context. It works fine except > for the fact that I need the SE_TCB_NAME privilege and from what I can > tell unless you run elevated that privilege is not granted. When I do > add/remove programs and do change, I don't get a UAC prompt, and the > Immediate Actions are definitely not running under an elevated user > context, which I need them to do. > > I could side step the issue completely if anyone has any good ideas for > transferring database logon credentials to the service account (we have > to support sql auth credentials from the service to our database). > > Brooke Philpott, Senior Technical Lead, SQL Sentry, Inc. > P: 704.895.6241 x228 | F: 704.895.8771 | E: bphilp...@sqlsentry.net | B: > brooke.blogs.sqlsentry.net > > > -----Original Message----- > From: Eric St.John [mailto:eric.st.j...@hotmail.com] > Sent: Thursday, May 14, 2009 11:21 AM > To: wix-users > Subject: Re: [WiX-users] UAC prompt on feature modification after > installation > > > A quick search turned up this KB, not sure if it will > help.http://support.microsoft.com/kb/180548 > -Eric > >> Date: Wed, 13 May 2009 16:16:26 -0500 >> From: bphilp...@sqlsentry.net >> To: wix-users@lists.sourceforge.net >> Subject: [WiX-users] UAC prompt on feature modification after > installation >> >> When I do a fresh install I'm using a bootstrapper to launch the msi >> with admin rights so I can perform a LogonUser call in order to > validate >> the account used during the execution phase for the service. I want to >> do that validation up front so I don't get an error during the > execution >> phase which would roll back the whole install. Everything works fine >> except today I noticed if I go to change in Add/Remove programs it >> doesn't elevate. So, when I go to the UI page where I enter in the >> credentials I get an error that I can't impersonate because I don't > have >> those privileges with my current token. >> >> >> >> Is there a way to elevate upon change in add/remove programs? Is there > a >> better way to do the account validation to begin with? >> >> >> >> -Brooke >> >> > ------------------------------------------------------------------------ > ------ >> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! > Your >> production scanning environment may not be a perfect world - but > thanks to >> Kodak, there's a perfect scanner to get the job done! With the NEW > KODAK i700 >> Series Scanner you'll get full speed at 300 dpi even with all image >> processing features enabled. http://p.sf.net/sfu/kodak-com >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users > > _________________________________________________________________ > Hotmail(r) has ever-growing storage! Don't worry about storage limits. > http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tut > orial_Storage1_052009 > ------------------------------------------------------------------------ > ------ > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks > to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK > i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > ------------------------------------------------------------------------------ > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users _________________________________________________________________ Insert movie times and more without leaving HotmailĀ®. http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd1_052009 ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
