Start another process as admin
-
I'm creating a software package that we are deploying to multiple employees at one of our client's sites. This software is designed to gather system information (OS, 32/64-bit, machine name, etc.) and also check whether N-able and Lync Basic 2013 is installed, and install them if necessary. Currently both the N-able and Lync installation packages are embedded within my assembly. If the user is missing either program, the file will be extracted and ran silently without any user input. The issue I'm running into is that the N-able installation requires admin privileges. All the computers have the same admin account (we set it up that way; they don't have a central server/domain) and I'm trying to have the N-able run under that account so that way the user is prompted with any messages. From everything I've been reading it seems that I have to create some kind of intermediate program that my program runs, which then can run the N-able silent installation using the admin account. However I haven't been able to find any good tutorials/step-by-step guides on how to do this? Anybody have any links to guides on how I can do this. I just need to know how I can start another process using the credentials of an admin account that I already know; the users don't know these credentials so I can't have them type them in. I have tried using Process.Start with various settings, CreateProcessAsUser, CreateProcessWithLogonW, etc. but they all give me errors such as "This operation requires elevated permissions, "A required privilige is not held by the client", etc. It doesn't matter if I do it through the .NET Framework, P/Invoke, or a separate library, as long as the guide instructs me how I can use it from my assembly it's good. Any help that you can provide will be greatly appreciated...I'm supposed to have this finished within the next day or two. Thank you a lot in advance.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
-
I'm creating a software package that we are deploying to multiple employees at one of our client's sites. This software is designed to gather system information (OS, 32/64-bit, machine name, etc.) and also check whether N-able and Lync Basic 2013 is installed, and install them if necessary. Currently both the N-able and Lync installation packages are embedded within my assembly. If the user is missing either program, the file will be extracted and ran silently without any user input. The issue I'm running into is that the N-able installation requires admin privileges. All the computers have the same admin account (we set it up that way; they don't have a central server/domain) and I'm trying to have the N-able run under that account so that way the user is prompted with any messages. From everything I've been reading it seems that I have to create some kind of intermediate program that my program runs, which then can run the N-able silent installation using the admin account. However I haven't been able to find any good tutorials/step-by-step guides on how to do this? Anybody have any links to guides on how I can do this. I just need to know how I can start another process using the credentials of an admin account that I already know; the users don't know these credentials so I can't have them type them in. I have tried using Process.Start with various settings, CreateProcessAsUser, CreateProcessWithLogonW, etc. but they all give me errors such as "This operation requires elevated permissions, "A required privilige is not held by the client", etc. It doesn't matter if I do it through the .NET Framework, P/Invoke, or a separate library, as long as the guide instructs me how I can use it from my assembly it's good. Any help that you can provide will be greatly appreciated...I'm supposed to have this finished within the next day or two. Thank you a lot in advance.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
Do it differently. Instead of installing the required third party programs when your program is started by a user, install them during the installation process of your program - since the installation is run by a System account, that will work.
-
Do it differently. Instead of installing the required third party programs when your program is started by a user, install them during the installation process of your program - since the installation is run by a System account, that will work.
My program doesn't need to be installed. It is a single executable that I'm placing the client's DropBox folder and then sending a link to everyone. This way they can just click the link and the program will run without requiring any user interaction.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
-
My program doesn't need to be installed. It is a single executable that I'm placing the client's DropBox folder and then sending a link to everyone. This way they can just click the link and the program will run without requiring any user interaction.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
Well, therein lies the problem. What you're talking about doing is a security risk. In order for your code to be able to do what you want to, you have to ship the username and password for an Admin account with the code, to all of the users. That's a big no-no. You're exposing yourself and the company to security risk by doing that. Also, what if the admin account username/password changes? Now you have to update the code to use the new ones! Worse yet, what if the username/password changes on some machines and not others?? Now you're screwed. The proper way to do it is to come up with an install package for your prereqs and install those before the user launches the application, not after they launch it.
A guide to posting questions on CodeProject
How to debug small programs
Dave Kreskowiak -
I'm creating a software package that we are deploying to multiple employees at one of our client's sites. This software is designed to gather system information (OS, 32/64-bit, machine name, etc.) and also check whether N-able and Lync Basic 2013 is installed, and install them if necessary. Currently both the N-able and Lync installation packages are embedded within my assembly. If the user is missing either program, the file will be extracted and ran silently without any user input. The issue I'm running into is that the N-able installation requires admin privileges. All the computers have the same admin account (we set it up that way; they don't have a central server/domain) and I'm trying to have the N-able run under that account so that way the user is prompted with any messages. From everything I've been reading it seems that I have to create some kind of intermediate program that my program runs, which then can run the N-able silent installation using the admin account. However I haven't been able to find any good tutorials/step-by-step guides on how to do this? Anybody have any links to guides on how I can do this. I just need to know how I can start another process using the credentials of an admin account that I already know; the users don't know these credentials so I can't have them type them in. I have tried using Process.Start with various settings, CreateProcessAsUser, CreateProcessWithLogonW, etc. but they all give me errors such as "This operation requires elevated permissions, "A required privilige is not held by the client", etc. It doesn't matter if I do it through the .NET Framework, P/Invoke, or a separate library, as long as the guide instructs me how I can use it from my assembly it's good. Any help that you can provide will be greatly appreciated...I'm supposed to have this finished within the next day or two. Thank you a lot in advance.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
-
Agreeing with Dave, it's a security risk. But have a look at the Process.StartInfo Class. There you can use username and Password to run a new process.
We are aware of the possible security risk but my company considered it extremely low. My company wants an application that is a single file, does not require an installation, is able to gather some basic computer information, as well as install two other programs. One of those two programs need admin privileges to install. I have tried using the Process.StartInfo class with username and password but I still get an exception about the installation of one of the programs needing elevated privileges. The chances of anyone being able to disassemble the assembly to get the admin info is very remote and even if they did get it they couldn't really do any harm with it. The computers aren't on a domain; we create the account on the computers so that way the users can't just install any software on their computers or just do any updates they want. Plus there isn't any server at their site that they would get access to should they somehow get the credentials, or any kind of shared resources (except the DropBox admin account which uses different credentials). In addition, once the program does what it is supposed to do, the file deletes all traces of the program. I know this isn't the best way to go about it, but for what my company is looking for (a single file that is fully automated, thereby not needing any IT intervention to input the credentials) this is the only way I could think of doing it. As an extra layer of precaution I did implement a very simple encryption algorithm so if somehow they did disassemble the file they wouldn't just see a plaintext password.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.
-
We are aware of the possible security risk but my company considered it extremely low. My company wants an application that is a single file, does not require an installation, is able to gather some basic computer information, as well as install two other programs. One of those two programs need admin privileges to install. I have tried using the Process.StartInfo class with username and password but I still get an exception about the installation of one of the programs needing elevated privileges. The chances of anyone being able to disassemble the assembly to get the admin info is very remote and even if they did get it they couldn't really do any harm with it. The computers aren't on a domain; we create the account on the computers so that way the users can't just install any software on their computers or just do any updates they want. Plus there isn't any server at their site that they would get access to should they somehow get the credentials, or any kind of shared resources (except the DropBox admin account which uses different credentials). In addition, once the program does what it is supposed to do, the file deletes all traces of the program. I know this isn't the best way to go about it, but for what my company is looking for (a single file that is fully automated, thereby not needing any IT intervention to input the credentials) this is the only way I could think of doing it. As an extra layer of precaution I did implement a very simple encryption algorithm so if somehow they did disassemble the file they wouldn't just see a plaintext password.
A black hole is where God tried to divide by zero. There are 10 kinds of people in the world; those who understand binary and those who don't.