Win2008R2, UAC, IIS and cross domain access...
I have an NSIS installer for a web application. The application process does the following:
- query IIS for all virtual websites
- create local/AD users
- create IIS application pools
- create IIS application directories
- create IIS virtual directories
- apply NTFS file permissions
- create SQL Database
In my NSIS installer, I have "RequestExecutionLevel admin"
If I am installing on a single Windows 2008+ computer, all is well.
If I am installing on a single Windows 2003 computer, all is well.
If I am installing on a Windows 2003 webserver and remote (on the same domain) SQL server of any Windows version, and am logged in as a domain administrator, all is well.
When I am installing on a Windows 2008+ webserver and remote SQL server, I run into issues.
It appears that I can do anything I want locally, but am unable to create AD level users or create the remote SQL Database.
In researching UAC, I came across http://codefromthe70s.org/vistatutorial.aspx which explains that even though I am logged in as a Domain Administrator, I'm in an "elevated account" but does not retain access to remote computers as a Domain Admin.
I've tried changing "RequestExecutionLevel user" and find that while I may still have access to domain computers, I no longer have any access to IIS as an administrator.
Is there a happy medium?
As I said, this installer works perfectly on a Windows 2003 server - it's just UAC causing me headaches. Is there a specific NSIS UAC which someone would recommend to solve this issue?
I'm at the head banging stage - so any advice would be extremely welcome. Thank you in advance!