Archive: Need help with per user installer that needs admin for one section


Need help with per user installer that needs admin for one section
Hello.

I am developing an installer for a per-user app that gets installed into $PROFILE. It has to be per-user to prevent multiple instances running from the same IP address. The app has a distributed architecture in which a main process launches sub-processes and various command line tools.

This would be easy to do, just run as user and write to HKCU, user profile, etc. Except, I am using SimpleFC (firewall plugin) to add firewall rules for our app. This requires elevation to write to HKLM. If the installer runs elevated (with UAC plugin), the all of the installed files are owned by admin which breaks the application, since it cannot run many of the subprocs it needs to.

So, my question is, how do I request a higher execution level for only one area or section of the installer and uninstaller? Or, would it be better to use the UAC plugin and run everything but the firewall exceptions as user(this would be messy)?

I can provide code, clarification, or anything else. Any and all help is greatly appreciated.

Thanks in advance.


There are 2 options:
1) Split your installer into two: one run as user, second as elevated user
2) Run installer elevated and for unelevated parts of installer use ShellExecAsUser (http://nsis.sourceforge.net/ShellExecAsUser_plug-in) or any other similar plug-in.


Thanks

Originally posted by T.Slappy
1) Split your installer into two: one run as user, second as elevated user
Thanks for the response. I ended up finding this solution on my own and implemented a small, silent installer that takes care of the firewall rules and leaves everything else alone. I realized there are not many solutions for this problem, but many for the opposite.

I did run into one problem. It seemed that if i put the uninstaller for the sub-installer anywhere except the root directory of the app it would fail on execution. Any ideas?

You're probably using the $INSTDIR variable in your uninstaller. In the uninstaller, $INSTDIR contains simply the directory where uninstall.exe is located. So in essence, it's the same as $EXEDIR.

This is why you should always verify in un.oninit that uninstall.exe hasn't been moved to, say, c:\windows or something. You'd end up deleting the wrong files. I simply check for some marker files with specific filenames, and throw a warning if something seems wrong.