dr_awol
12th July 2012 11:31 UTC
Impersonation Windows 7
I'm wondering, is it possible to impersonate my admin user using NSIS? I know the un and pw.
Do I need to call System.dll? How would I call the appropriate API functions?
Sorry if this is a silly question, but I'm new to NSIS.
I will be logged in as a standard user when running the installer.
Is this the correct route I should be following?
http://forums.winamp.com/showthread.php?t=172544
Anders
12th July 2012 11:41 UTC
What is the goal? Why not just request admin rights like a normal installer?
dr_awol
12th July 2012 11:55 UTC
The installer is going to have to make updates by impersonating admin. Admin has a password which the standard user will not have access to (Restricted User), so when I call RequestExecutionLevel admin, this brings up UAC requesting the admin password, which the standard user will never know.
Is this possible with NSIS?
Afrow UK
14th July 2012 12:19 UTC
That post you linked has the code you want.
Stu
Anders
14th July 2012 12:44 UTC
Originally posted by Afrow UK
That post you linked has the code you want.
Stu
Just remember that impersonation is per thread (Will not affect CreateProcess, for that you have CreateProcess<AsUser|With[Token|Logon]> etc)
Afrow UK
15th July 2012 23:50 UTC
Yes, and the code in Sections runs in a different thread. So if you do impersonation in .onInit you will need to do it again in a first Section.
Stu
dr_awol
16th July 2012 10:31 UTC
Error Opening File
First, thank you for the replies. I've tried to implement the code as below, but I'm still running into problems:
1st message box: I get Number: 227633266688, this is a random number.
2nd message box: I get Number: 25769803776
Then I get an error message: "Error opening file for writing"
So I'm wondering if this is a permission thing? Not so sure of this, as TestAdmin has full access rights on the c:\
### User Impersonation
!define USERNAME "TestAdmin"
!define DOMAIN "WIN-UJOVINKT6SI"
!define PASSWORD "password1"
!define LOGON32_LOGON_INTERACTIVE 2
!define LOGON32_LOGON_NETWORK 3
!define LOGON32_LOGON_BATCH 4
!define LOGON32_LOGON_SERVICE 5
!define LOGON32_LOGON_UNLOCK 7
!define LOGON32_LOGON_NETWORK_CLEARTEXT 8
!define LOGON32_LOGON_NEW_CREDENTIALS 9
!define LOGON32_PROVIDER_DEFAULT 0
!define LOGON32_PROVIDER_WINNT35 1
!define LOGON32_PROVIDER_WINNT40 2
!define LOGON32_PROVIDER_WINNT50 3
!define LogonUser "advapi32::LogonUserA(t, t, t, i, i, *l) l"
!define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(l)l"
!define RevertToSelf "advapi32::RevertToSelf() l"
Section "App Applications" App_Applications
SetPluginUnload alwaysoff
System::Call '${RevertToSelf}.r0'
System::Call "${LogonUser}('${USERNAME}', '${DOMAIN}', '${PASSWORD}', ${LOGON32_LOGON_INTERACTIVE}, ${LOGON32_PROVIDER_DEFAULT}, .r2) .r0"
messagebox mb_ok $0
System::Call '${ImpersonateLoggedOnUser}(r2) .r0'
messagebox mb_ok $0
setOutPath $INSTDIRApp_Applications
#Program Files
file /r "C:\App_Platform\Output\Debug\"
System::Call '${RevertToSelf}.r0'
SectionEnd
Anders
16th July 2012 12:03 UTC
Should probably be
!define LogonUser "advapi32::LogonUser(t, t, t, i, i, *i) i"
(change l to i) and since it returns BOOL really anything nonzero is success (but it is very rare that BOOL returning functions use anything other than 0 and 1)
You should add ?e to the end of the command to get the windows error code.
...and finally, if someone really wanted to they could find the password (Debugger, decompile installer or look at the memory at the right moment in process explorer)
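The corrections from the replies above (i instead of l, ?e for the Windows error code, impersonating inside the Section's own thread) combined into one script, as an added example that is not code from any poster in this thread. The account name, the "." domain, the password placeholder, the output file name and the install directory are assumptions.

```nsis
; Added example, not code from the thread. Account values are placeholders.
!include LogicLib.nsh

!define USERNAME "ExampleAdmin"   ; hypothetical account
!define DOMAIN   "."              ; "." selects the local account database
!define PASSWORD "<placeholder>"  ; stored in the installer, so recoverable
!define LOGON32_LOGON_INTERACTIVE 2
!define LOGON32_PROVIDER_DEFAULT 0

Name "Impersonation example"
OutFile "impersonate-example.exe"
InstallDir "$TEMP\impersonate-example"
RequestExecutionLevel user

Section "Impersonated work"
  ; BOOL return mapped to i, token handle returned through *i into $2.
  ; ?e pushes GetLastError() on the stack; pop it right after the call.
  System::Call 'advapi32::LogonUser(t "${USERNAME}", t "${DOMAIN}", t "${PASSWORD}", i ${LOGON32_LOGON_INTERACTIVE}, i ${LOGON32_PROVIDER_DEFAULT}, *i .r2) i .r0 ?e'
  Pop $1
  ${If} $0 = 0
    MessageBox MB_OK|MB_ICONSTOP "LogonUser failed, Windows error $1"
    Abort
  ${EndIf}

  ; Impersonation is per thread, so it is done here in the Section's thread.
  System::Call 'advapi32::ImpersonateLoggedOnUser(i r2) i .r0 ?e'
  Pop $1
  ${If} $0 = 0
    System::Call 'kernel32::CloseHandle(i r2)'
    MessageBox MB_OK|MB_ICONSTOP "ImpersonateLoggedOnUser failed, Windows error $1"
    Abort
  ${EndIf}

  ; File operations in this thread now use the impersonated token.
  SetOutPath "$INSTDIR"
  File "${__FILE__}"   ; packs this script itself so the example compiles as-is

  ; Drop the impersonation and release the token.
  System::Call 'advapi32::RevertToSelf() i .r0'
  System::Call 'kernel32::CloseHandle(i r2)'
SectionEnd
```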