If you have read and understood these caveats but have no other choice, you can use this tool to set the "Run as administrator" option for a shortcut (.lnk) file.
As a software developer, you never have no other choice -- i.e. it is absolutely never the correct choice to set this flag. Your choices include (roughly in decreasing order of correctness):1. Rewrite your application such that it does not require admin privileges at all.2. Rewrite your application such that it does not require admin privileges at startup, but can elevate on demand in the hopefully small number of cases that truly do require admin permissions. (There are a few variations on how to do this, with differing requirements and security implications.)3. Add a manifest to your application (ideally as a resource, but it can be a loose file if you can't rebuild your app at all) to require admin permissions at startup.4. Write a thin launcher app with such a manifest and launch your app from this instead (as sub-processes will remain elevated by default).Most often, requiring admin permissions only occurs because the application is not behaving correctly in the first place.The shortcut flag exists only for end-users, who lack the ability to do any of the above things, and is a workaround for broken software. Don't release broken software.
Anyway, it's nice that the installer has the ability to set this checkbox of a shortcut.понедельник, 1 июля 2024 г. в 05:16:37 UTC+3, Gavin Lambert:
--
You received this message because you are subscribed to the Google Groups "innosetup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to innosetup+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/innosetup/5292cbf9-9962-46ba-9485-9182d1386ebbn%40googlegroups.com.
Of course, I agree in general (which is why I posted a link to Raymond Chen's blog posting). However, despite these caveats, there may still be use cases where doing any of the above is not possible or impractical. IMO it's better to use the binary interfaces (IPersistFile, IShellLinkDataList, etc.) than directly modifying bits in the .lnk file. Hence the utility.
I agree that using the API as you're doing is vastly superior to hacking the file as the SetElevationBit function just posted here does. But still, absolutely never do either of these things (but SetElevationBit is vastly worse).Raymond's blog post very clearly says to not do this either. I disagree that there are any cases where doing one of the things that I stated are impossible or impractical -- anyone who can't do those things has no business distributing software in the first place.The shortcut setting is for user use only. Either to work around broken software or as a user preference to skip some optional elevation inside the app -- but the app needs to be written correctly to handle optional elevation in the first case for that to be useful. There are absolutely no circumstances that the developer should distribute software with this flag set, because there are always better options.
As far as "anyone who can't do those things has no business distributing software"--aside from this possibly sounding a bit elitist, I would say that in order to implement this tool in an Inno Setup installer one needs a fair understanding of how to call an external executable. Such a person can read and understand the implications of using the tool and why it's not the best solution for most cases, as already stated here (and also in the tool's documentation).
Also, you may not have considered that this tool might have applicability in other use cases besides installers. For example, system administrators might be interested in using this tool to set the SLDF_RUNAS_USER bit for a shortcut that gets distributed by a GPO (for example, a PowerShell shortcut that gets distributed to administrator user profiles).
Installers are modifying someone else's computer using admin permissions.
On Tuesday, July 2, 2024 at 5:56:26 PM UTC-6 Gavin Lambert wrote:Installers are modifying someone else's computer using admin permissions.That's not always the case, of course, as per-user installers are relatively common.
And it would be even more bizarre if a per-user installer wants to install an admin-only shortcut.
You might be surprised. Suppose someone wanted to write a per-user installer that, as part of its process, creates a PowerShell shortcut that prompts for elevation and that said installer only gets executed for administrator profiles. One of the most straightforward ways of meeting this requirement is simply to create the shortcut and set the elevation bit. (Yes, there are other potential ways of solving this problem, but that would be beside the point.)
But then it wouldn't work if the user ran the script directly instead of via the special shortcut. And it's not hard to write a self-elevating script, which is roughly equivalent to putting an admin manifest on an executable (and thus the better option). It's even almost the same code as just detecting whether you have admin perms, which the script ought to be doing up-front regardless to avoid getting into situations where it does a bunch of other work before crashing out and leaving the user in a broken state.