RunAsOriginalUser sometimes seems does not work as expected
71 views
Skip to first unread message
Simon73
May 24, 2022, 6:05:37 AM5/24/22
to innosetup
Hello,
I'm fighting with a strange issue related to the RunAsOriginalUser flag.
This is my situation: I need to run the Installer with Admin privileges ([Setup]: PrivilegesRequired=admin) as I need to add exclusions to Windows Firewall and things like that. At the same time I need to interact with the "OriginalUser", the user before elevation, as I need to write into proper HKCU registry section...this is the relevant line:
Filename: "{sys}\reg.exe"; Parameters: "ADD ""HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"" /v Shell /d ""{app}\MyShell.EXE"" /f"; StatusMsg:"Setting
MyShell as shell for current user"; Flags:runhidden runasoriginaluser; Tasks: AutoStartUp\CURRENTUSER
I'm having this strange issue: the first time I run the setup package the above registry modification is applied to the "Elevated (administrator) User" instead of the "OriginalUser". If I run the setup package a second time then the execution is correct, and reg.exe write correctly to the OriginalUser HKCU registry section.
I tested this issue on multiple PCs, it seems to be repeatable.
Also taking a look at the SetupLog file I see that there is a note before execution of reg.exe that states that it is run as OriginalUser, for first and second install.
I use latest version of InnoSetup, v6.2.1, operating system where setup package is executed is Windows10 LTSB 2016.
I have no more ideas, anybody can help me?
Jernej Simončič
May 24, 2022, 3:21:10 PM5/24/22
to Simon73 on [innosetup]
On Tuesday, May 24, 2022, 12:05:37, Simon73 wrote:
Filename: "{sys}\reg.exe"; Parameters: "ADD ""HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"" /v Shell /d ""{app}\MyShell.EXE"" /f"; StatusMsg:"Setting MyShell as shell for current user"; Flags:runhidden runasoriginaluser; Tasks: AutoStartUp\CURRENTUSER
First, why are you shelling out to reg.exe instead of using [Registry]?
Second, there is no reliable way to access per-user areas from admin install – if the setup is run by right-clicking it and selecting "Run as Administrator", the setup's original user will be the elevated user, and there's nothing you can do about that.
--
< Jernej Simončič ><><><><>< https://eternallybored.org/ >
-- Law of Cybernetic Entomology
< Jernej Simončič ><><><><>< https://eternallybored.org/ >
-- Law of Cybernetic Entomology
Simon73
May 25, 2022, 9:36:20 AM5/25/22
to innosetup
Hi Jernej, i cannot use [Registry] as I have to interact with the "OriginalUser" profile, not the elevated one, and for [Registry] section is not available the 'runasoriginaluser' flag as in [Run] section.
Second: I'm not executing the installer selecting "Run as Administrator", I just double click on the Setup.exe and then choose a different user with administrative rights. And please note that the strange issue I'm experiencing is that the first run doesn't work (the installer wrote into 'currentUser' registry section), but the second run works (installer wrote into 'originalUser' registry section)!.
For this I'm asking if someone else experienced this issue.
Please note: at the moment I solved the issue writing a little application that do the job I need, executed during installation ([Run] section). This little app just search the 'original' windows user, assuming that this one is the owner of the explorer.exe process executed into the same session of setup.exe process, and subsequently write into relevant HKEY_USERS\S-1-5-.. registry section.
In any case I like to share this issue with other users to find, if possible, a common and cleaner solution.
Simone
Gavin Lambert
May 25, 2022, 7:25:07 PM5/25/22
to inno...@googlegroups.com
On 26/05/2022 01:36, Simon73 wrote:
> Second: I'm not executing the installer selecting "Run as
> Administrator", I just double click on the Setup.exe and then choose a
> different user with administrative rights. And please note that the
> strange issue I'm experiencing is that the first run doesn't work (the
> installer wrote into 'currentUser' registry section), but the second run
> works (installer wrote into 'originalUser' registry section)!.
> For this I'm asking if someone else experienced this issue.
If you're using an overly-generic name like actually just "setup.exe"
> Second: I'm not executing the installer selecting "Run as
> Administrator", I just double click on the Setup.exe and then choose a
> different user with administrative rights. And please note that the
> strange issue I'm experiencing is that the first run doesn't work (the
> installer wrote into 'currentUser' registry section), but the second run
> works (installer wrote into 'originalUser' registry section)!.
> For this I'm asking if someone else experienced this issue.
then you can get bitten by compatibility settings or heuristics that
will automatically elevate before Inno can capture the original user.
In general, anything user-level shouldn't be done by the installer at
all; you should do it when your application actually starts (and detects
that something is not yet configured).
Reply all
Reply to author
Forward
0 new messages