Windows 7 - launch aplication with Admin rights
-
Hello to all,
I'm developing a desktop, cross platform, application.
Now I'm setting up the auto-upgrade functionality, so that the application is able to self-downaload the newer version from the website (everything ok with this).At least in the Windows platform, I need then to run the updater, a separate small application, that needs to be run with admin privileges, in order to be able to upgrade the main executable in the program directory.
Let's say it's name is upgrader.exe, I've prepared a manifest file named upgrader.exe.manifestThis is the content of the file.
@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly manifestVersion="1.0">
<trustInfo >
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
@If I run manually the updater from my user account, I get the notification that application needs admin privileges and then the application starts.
But, if I run the same appication from within the main QT application (run by the same user), using a QProcess, the launch fails and I see from the QProcess errorString that the user has non privileges to run the application.So, I don't know what could be the problem.
At the moment I'm only focused on this Windows 7 problem.
Any guess??
Thank you.
Michele
-
Hello,
The application is installed once by the administrator.
Then it can be run with user privileges from any user account becouse it needn't to access to any protected resource.When an update/upgrade is available it is downloaded via HTTP to the temporary folder then the main application shoud:
- run an updater.exe with admin privileges
- shutdown itself, so that the updater can upgrade the executable
- the updater will launch the new main application and exits.
I've create an updater.exe.manifest file that states that the updater.exe file has to be run with admin privileges.
If I manually run the updater.exe from the user account (non an Administrator user), I'm prompted for the admin password while if I try to run the updater.exe from within the main application, it fails.
I don't know what I'm doing wrong.
Thank you,
Michele -
Great jjoe, it works now!!
From an account which is not an Administrator, I get prompted for the admin password and then the update.exe is correctly executed with admin rights.
I'll offer you a virtual beer!Then I faced another problem that I solved and thar I can share here.
The calling process needs to pass some information to the called process (update.exe) but these processes are run with different users, so I couldn't use the Temp folder as they are different.
Then I used the systemEnvironment() to get (on Windows) the environment variables and then detect the PUBLIC folder.
In this way both process can write and read from such folder.
I can post the code if anyone needs it.Now I have the last, stupid problem...
The update.exe is now run with admin privileges and at the end of the process it should run the new version of main application.
The problem is that the application is run in the contect of Admin user, not in that one of original unprivileged user, so it goes to read the wrong registry entries for configuration parameters!...Any guess on how to "downgrade" privileges???
Thank you,
Michele -
You are welcome.
Have a look at the "runas":http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true command. It allows to run programs with different permissions than the user's current logon provides. I never tried to call this with QProcess - but it should work. -
Hi,
you're right, but the prolem is that you cannot run a process with runas if the target user has no password.
This is a security setting in Windows and I don't want wess with it!So my solution is that, if the application is run from a non privileged user, then after the upgrade I don't run the newer version automatically, but simpli open the windows explorer to the app file, showing a promt to the user.
So that the user will run it himself with the right user environment.
It's ok as I'll not have frequent upgrade.
Thank you all.
-
There is another way but it is more complex. For this you need at least 3 exe files:
- You application
- Update starter
- Updater (which needs admin privileges)
The "application" checks for updates and if available calls no 2 and shutdown itself.
Update starter calls updater with admin privileges but keeps running.
The "updater" can now upgrade the executable. When done it shutdown itself.
Now "update starter" may start the application in the old user context again.
-
You could also use InnoSetup or similar to create an installer. The installer can be launched from your application using openUrl oder QProcess.
I know InnoSetup installers are capable to be launched in "silent" mode and the interactive mode as well using commandline parameters. So you are able to distinguish between net-update from within your application and admin update with double-click in windows-explorer (or similiar to your needs).
The same might apply to any other setup compilers.
-
[quote author="jjoe" date="1343418530"]There is another way but it is more complex. For this you need at least 3 exe files:
- You application
- Update starter
- Updater (which needs admin privileges)
The "application" checks for updates and if available calls no 2 and shutdown itself.
Update starter calls updater with admin privileges but keeps running.
The "updater" can now upgrade the executable. When done it shutdown itself.
Now "update starter" may start the application in the old user context again.
[/quote]
You're right, not too much complicated and should work.
Probably it's the closest betters solution to the current I'm using now.And this way, if the update fails, or is canceled by the user, the first update can re-start the main application.
Thank you,
Michele -
[quote author="franku" date="1343419510"]You could also use InnoSetup or similar to create an installer. The installer can be launched from your application using openUrl oder QProcess.
I know InnoSetup installers are capable to be launched in "silent" mode and the interactive mode as well using commandline parameters. So you are able to distinguish between net-update from within your application and admin update with double-click in windows-explorer (or similiar to your needs).
The same might apply to any other setup compilers. [/quote]
Hi franku,
yes, I've used Innosetup for years for my small VisualBasic applications, and of couse it have a lot of parameters and can be configured to be run as Administrator.
For the moment, since the application is very simple and the upgrate consists only in replacing the executable, I'd like avoid using an external tool.Thank you,