Archive: How to change the process owner of the installer?


Hi.
As part of my project I am supposed to create a new Windows user with Administrator privileges.
So far I have succeeded in that.
Next, my task is for the process "installer.exe" (i.e. the currently running installer) to change its owner from the logged-on user to the newly created user.
In short, I want to change the owner of the current process.

Any help in this regard would be greatly appreciated.

And by the way, this whole NSIS thing is simply outstanding stuff. Kudos to the development team for such a fantastic effort.

Regards,
Giriraj.


I don't think you can change a process owner/user on the fly. You probably have to start another instance of the same process by calling CreateProcessAsUser or one of the other CreateProcessAs/With APIs with the System plugin.


Thanks a lot Anders for your information.
Is it possible for you to give an example of the same?
I am a newbie in this awesome technology called NSIS.


I don't think you can change a process owner/user on the fly
Actually you can but it does not seem to be a supported feature (!). Seems to work up to Server 2k3 but is broken in Vista, according to this page. If the calling thread has the SE_ASSIGNPRIMARYTOKEN_NAME privilege, one can use NtSetInformationProcess to change the thread's primary token and as such the security context of the owner.

@giriraj
You need to call LogonUser to get a primary token for the new user, convert the resulting impersonation token to a primary one with DuplicateTokenEx then call CreateProcessAsUser with the new token, in order to start a new process of the program.

Alternatively you can call CreateProcessWithTokenW or the CreateProcessWithLogonW APIs as Anders suggested.

I'll try to put this together in a script if time permits, unless someone has it ready.
CF

It would be really helpful to me if you can put up an example.
I am yet to get conversant with the terminologies involved in the System calls made through NSIS.


Then this is an excellent opportunity to get conversant with the system API calls. Start with this LogonUser example and its MSDN description and move to the other API calls. What you are after is rather involved as there are many little details to pay attention to...
CF


@giriraj
After reading the MSDN info on the functions that are mentioned in this thread, I think that the easiest way to start a new process with your new account is by calling from your installer CreateProcessWithLogonW.

Here is a minimal script to get you started:

!define LOGON_WITH_PROFILE  0x00000001
!define LOGON_NETCREDENTIALS_ONLY 0x00000002
!define CREATE_DEFAULT_ERROR_MODE 0x04000000
!define CREATE_NEW_CONSOLE 0x00000010
!define CREATE_NEW_PROCESS_GROUP 0x00000200
; PROCESS_INFORMATION layout: hProcess, hThread, dwProcessId, dwThreadId
!define strPROCESS_INFORMATION (i,i,i,i)

SetCompressor /SOLID lzma
!include "MUI.nsh"
!include "LogicLib.nsh"

OutFile "TEST.exe"
InstallDir "$PLUGINSDIR"

Section -Ext
  MessageBox MB_OK|MB_ICONINFORMATION "Starting Notepad as another user:"
  ; Buffer that receives the PROCESS_INFORMATION structure
  System::Alloc ${NSIS_MAX_STRLEN}
  Pop $R0
  ; Start notepad.exe as user "test" on the local machine ("."); ?e pushes GetLastError on the stack
  System::Call 'Advapi32::CreateProcessWithLogonW(w "test",w ".",w "1234",i ${LOGON_WITH_PROFILE},w "$SYSDIR\notepad.exe",w "",i ${CREATE_DEFAULT_ERROR_MODE}|${CREATE_NEW_CONSOLE}|${CREATE_NEW_PROCESS_GROUP},,w "$SYSDIR\",,i R0)i.R6 ?e'
  Pop $9
  ${If} $R6 == 0
    System::Free $R0
    MessageBox MB_OK|MB_ICONSTOP "Got an error code of '$9'"
    Quit
  ${EndIf}
  ; Read the four fields out of the structure, then release the buffer
  System::Call '*$R0${strPROCESS_INFORMATION}(.R1,.R2,.R3,.R4)'
  System::Free $R0
  MessageBox MB_OK|MB_ICONEXCLAMATION "The new process started!$\nProcess handle: $R1$\nProcess thread: $R2$\nProcessID: $R3$\nThreadID: $R4$\n"
  ; Close the process and thread handles returned by the call
  System::Call 'kernel32::CloseHandle(i R1)'
  System::Call 'kernel32::CloseHandle(i R2)'
  MessageBox MB_OK|MB_ICONINFORMATION "Press OK to terminate the original process"
  Quit
SectionEnd

Function .onInit
  InitPluginsDir
FunctionEnd

It will start notepad in the security context of the user test with password 1234 (replace those with your new admin user's values) and will then exit.

Go over the notes on the MSDN page, maybe your scenario needs some extra bits, but the above should be a good starting point.
CF

Thanks a lot CF.
I was able to run your sample code and the notepad's owner was actually the new user I specified.
But then I got stuck.
What I specifically need is that whatever files are installed by the installer, all of those files should have their preferences (e.g. file owner) set to the new user I just created (the new user is created through the same installer process). I mean all these have to be performed through a single instance of the running installer.
I was looking for a way to do this through "CreateProcessWithLogonW", but I haven't found a way yet.
I hope I am able to put forth my problem appropriately.

Giriraj.


And just to add something more.
I have created a plug-in that encrypts a string using Win32Crypto API in VC (I am new to VC too :) ).
Is there any place I can post my plug-in for others to use?


Ownership of files/folders you can set from within the installer using the AccessControl plugin...

Also you may want to have a look at the remarks at the end of the CreateProcessWithLogon MSDN page:

By default, CreateProcessWithLogonW does not load the specified user profile into the HKEY_USERS registry key. This means that access to information in the HKEY_CURRENT_USER registry key may not produce results that are consistent with a normal interactive logon. It is your responsibility to load the user registry hive into HKEY_USERS before calling CreateProcessWithLogonW, by using LOGON_WITH_PROFILE, or by calling the LoadUserProfile function.
...

What this means is that you can run your program at the security context of your new user, however the user's profile is not loaded and his/her hive is not present in the registry. Changes that you would like to reflect to this user's program preferences will not be saved unless you load the user's profile...

You can attach your plugin on this (or another) thread or you can create a wiki page for it (some related information can be found here)

CF
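
Added example (not from the thread and not the AccessControl project's own code): an installer section that hands ownership of the install directory and one installed file to the new account, using the AccessControl plugin mentioned above. The account name test, the file app.ini, and the "ok"/"error" result convention popped after each call are assumptions; check the readme of the AccessControl version you ship.

```nsis
!include "LogicLib.nsh"

; Assumed value for illustration: replace with the account your installer created.
!define NEW_OWNER "test"

Name "OwnerDemo"
OutFile "OwnerDemo.exe"
InstallDir "$PROGRAMFILES\OwnerDemo"
RequestExecutionLevel admin   ; assigning ownership to another account needs admin rights

; Set the owner of PATH to NEW_OWNER, abort the install if the plugin reports
; a failure, then read the owner back into the install log.
!macro SetOwnerOrAbort PATH
  AccessControl::SetFileOwner "${PATH}" "${NEW_OWNER}"
  Pop $0                       ; assumed convention: "ok" or "error"
  ${If} $0 == "error"
    Pop $1                     ; assumed convention: error details follow "error"
    DetailPrint "SetFileOwner failed for ${PATH}: $1"
    Abort "Could not assign ownership to ${NEW_OWNER}"
  ${EndIf}
  AccessControl::GetFileOwner "${PATH}"
  Pop $0
  DetailPrint "Owner of ${PATH} is now: $0"
!macroend

Section "Install"
  SetOutPath "$INSTDIR"
  ; Constructed sample file so the script has something to take ownership of.
  FileOpen $2 "$INSTDIR\app.ini" w
  FileWrite $2 "[settings]$\r$\n"
  FileClose $2

  !insertmacro SetOwnerOrAbort "$INSTDIR"
  !insertmacro SetOwnerOrAbort "$INSTDIR\app.ini"
SectionEnd
```

An object's owner can always rewrite its DACL, so limit the ownership change to that user's data files rather than to executables that other accounts will run.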