Request execution level at runtime
The LUA principle enforced by UAC may be fine in theory, but in practice it can be difficult to predetermine the set of privileges a program will need, because that set can depend on external factors which can only be detected at runtime. Since a program can only state its required privileges passively, through a manifest, it must request admin rights if there is even a single possible scenario in which it might need them. A typical installer will actually need admin rights, so this is not a big issue, but I tend to create atypical ones.

There's the UAC plugin, which is great but not exactly what I needed, so I put some code together that allows the installer to run restricted, examine the target system and then elevate if needed. Elevation is achieved by re-executing the installer using the runas verb with ShellExecute, which overrides the manifest. This method is also used for limited accounts, in which case it pops up the account selection dialog (RunAs.exe GUI) instead of the UAC prompt. That is the same behavior as using RequestExecutionLevel Admin, but better because account selection will also be available in XP/2k. We can also deny the possibility of running as a different user if there's a reason for it.

Another plus is that it might be considered a nice thing if the installer first explains to the user that it needs admin rights and why, instead of a pesky UAC prompt being the first thing they see.
The script may seem more complex than it should be, but that's because I tried to cover all the angles. I think I succeeded and it tested OK (XP/Win7), but it's possible there are faults in it and/or my reasoning, so feedback is more than welcome.
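The flow described above (start restricted, probe the target, explain, then re-execute with the runas verb) as a minimal added sketch; it is not the author's script and covers far fewer cases. The `/ELEVATED` switch, the installer name and the probe file name are assumptions made for this example.

```nsis
; Added example (constructed); not the page author's script.
!include "LogicLib.nsh"
!include "FileFunc.nsh"

Name "RuntimeElevationDemo"                 ; constructed name
OutFile "demo-setup.exe"
RequestExecutionLevel user                  ; manifest asks for nothing: start restricted
InstallDir "$PROGRAMFILES\RuntimeElevationDemo"

Function .onInit
  ${GetParameters} $R0
  ClearErrors
  ${GetOptions} $R0 "/ELEVATED" $R1         ; hypothetical marker for the re-executed copy
  ${IfNot} ${Errors}
    ; Second instance: verify the chosen account is an admin, never re-launch from here.
    UserInfo::GetAccountType
    Pop $R2
    ${If} $R2 != "Admin"
      MessageBox MB_ICONSTOP "The selected account has no administrator rights."
      Abort
    ${EndIf}
    Return
  ${EndIf}

  ; Runtime probe: can the current (restricted) token write to the target directory?
  ClearErrors
  CreateDirectory "$INSTDIR"
  FileOpen $0 "$INSTDIR\~probe.tmp" w
  ${IfNot} ${Errors}
    FileClose $0
    Delete "$INSTDIR\~probe.tmp"
    Return                                  ; no elevation needed, continue as-is
  ${EndIf}

  ; Explain first, so the system prompt is not the first thing the user sees.
  MessageBox MB_OKCANCEL|MB_ICONINFORMATION \
    "Installing to $INSTDIR requires administrator rights. Windows will now ask for them." \
    IDOK elevate
  Abort
elevate:
  ClearErrors
  ExecShell "runas" "$EXEPATH" "/ELEVATED $R0"   ; runas verb overrides the manifest level
  ${If} ${Errors}
    MessageBox MB_ICONSTOP "Elevation was cancelled or failed."
    Abort
  ${EndIf}
  Quit                                      ; the elevated copy takes over
FunctionEnd

Section "Install"
  SetOutPath "$INSTDIR"
SectionEnd
```

The marker switch is what keeps a failed or declined elevation from re-launching the installer in a loop: the second instance only verifies its rights and either proceeds or aborts.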