I have a program which, when installed, gets added to the RunOnce registry in Windows, so that it runs for the first time after Windows gets rebooted post installation.
This application installs a couple of Windows .NETservices using SC Create string passed in _wsystem. Unfortunately it fails to install at least one service..
To eliminate all other conditions, I'd like this application to run as an elevated, privileged user.
This application is in C++. Should I add a manifest or something to achieve this?
Related
I'm looking for a way to run a GUI program with admin privileges from an already privileged process (as with a service running as SYSTEM) - without having a prompt for admin password.
What I know is that if a service as SYSTEM runs a GUI program, the process will start, but it won't be displayed for the user.
Having read about impersonation and window stations and desktops, I'm wondering if the SYSTEM service would be able to launch a GUI program, and then somehow create a new process and then set it's window station and desktop to the default one where the user can interact with it.
The use-case would be to open a program installation (which would require admin rights to install for all users - or to install at all) and then with some simulated keystrokes go through the installation setup (which is why it's important to have a GUI that can be interacted with).
Is something like this even possible in the context of it being run as a SYSTEM process?
I've developed an Accessibility API console application in C++ for High Sierra (and lower) - uses AXUIElementCopyAttributeValue etc.
I've disabled SIP to give me a chance here to write to the Accessibility database using tccutil.
So, the application runs as expected in Xcode, given that I've enabled 'Xcode' in System Preferences->Security & Privacy->Privacy->Accessibility.
I've wrapped my console application into a .app so I can drag and drop into this Accessibility panel.
If I run the application outside of Xcode in a Terminal window, I have to also give Terminal.app Accessibility rights for the application to use the API otherwise nothing is extracted. This then seems that you must give the calling application the rights.
I'm trying to launch the application on startup via a LaunchAgent with root privileges, /usr/bin/sudo being the calling application. Launching a script instead to run the application seemed the better method. The application launches fine, infact the console application inside the .app is also added now to the Accessibility panel.
Unfortunately, the Accessibility side of things is still not working and I've run out of ideas?
Any help will be appreciated.
Many thanks in advance.
I have an C++ executable that include some GTK code. I want this application to be started on startup of my machine (as root).
I tried with a init script (that is working perfectly when I use it from my user session), but having a look at the log file of my application I see that the latest logged line is before to call Gtk::Application::create() so it seems that it too earlier to initialize GTK.
How can I have my application started after the user session opened so that GTK initialisation is not failing ?
Create a .desktop file of your application, and put it to /etc/xdg/autostart/ for each user, or to $HOME/.config/autostart/ for current user.
If you want to load that application as root for general users, you may choose to use gksu or other tools to authorize priviledge.
Alternatively, you can see how network-manager is designed. It inits network-manager module as a init-script when system starts, and loads nm-applet, which is GUI for ordinary user, when a user session loads. Thus, network-manager can be managed on all the desktop environment (like Gnome, KDEE, xfce...) by desktop users.
I have a project that is being built using CruiseControl.NET. The project contains an 'MSBuild task' that runs the build for the project and also the unit tests. The unit test in turn is just a MSBuild 'exec' task that runs an executable.
The unit test involves some .NET remoting. And when the unit tests are run through the system command prompt, the software's window opens up, tests run and the process exits.
When I force a build through the web dashboard, the build hangs at the point where the unit test starts running. The software's window does not open up, but the executable is running. If the process is killed through the task explorer, the build goes through with a 'Failure' status. This happens when I run ccnet as a windows service.
If I run CCNet directly (not as a windows service) and force a build through the web dashboard, the build and unit tests go through fine as expected. (with the window of the software opening up.)
It looks like there is a deadlock in the case where CCNet is run as a windows service. I am guessing it is related to the standard output/error streams.
Is this is known problem?
What might be the problem going on?
Any suggestions on debugging this?
How can I get around it?
(I am using CCNet version 1.4.4 SP1)
When CCNet is running as a service it is not going to have access to the display, so don't expect to see anything on the screen in this configuration. The first thing I would check is the permissions - make sure the service runs as an account that has permissions to access whatever resources you need. You also have CCNet log files, which you can find via Dashboard.
On a side note, try TeamCity instead of CCNet, its 10 years ahead.
Maybe this answer will help :
delphi windows service can't download file from internet
You should know that when running CCNet as an application (the dosbox) it uses the environment variables and all rights from the logged account. So it may connect to a server, use cached passwords, get registry variables for this account.
BUT when ran as a service, the account is the one you provided : LocalSystem for exampe, where env. varibales are not the same.
So, what you can do is to change the CCNet service account for test. Change it to your user account (with password), and I'm sure it will work better !
I'm am developing a Firefox extension which interfaces with an underlying Windows service (which I have already made).
During the development so far I encountered one bug in the installer program (which installs the FF extension AND the service). This was due to the security model on Vista requiring elevated privileges to be able to install and start the service. I adjusted the installer and now it installs fine (just with additional Vista'esque warning dialogs being displayed to end-users - which I can live with !)
I am now in the process of developing an XPCOM component that will install along with the XUL stuff I have already made. There will be a XUL javascript interface to the XPCOM which will try to do things like stop and start the service (e.g when user-configuration data is changed).
My question: Since FF will normally be run under a user account, will I run into any difficulties on Vista or other Windows flavors trying to start or stop my own service via XPCOM?
(When users run the installer I don't mind security dialogs popping up in Vista. But I certainly don't want this to happen whenever they try to change their info in the XUL interface.)
What is the correct way to go about this?
Yes, if your service is running as an Administrator then the Firefox process, running as a normal user will not be able to start or stop it. However, it appears that you can use the "sc" command to set access controls on your service from your installer, which means you can allow non-admin users to start and stop your service.
You'll need to use "sc sdset", which is documented (lightly) here:
http://technet.microsoft.com/en-us/library/cc742037%28WS.10%29.aspx
However, to use that, you'll need to read up on the "Security Descriptor Definition Language", which looks kind of complicated:
http://msdn.microsoft.com/en-us/library/aa379567%28VS.85%29.aspx
This blog entry appears to have some human-readable information on it:
http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/parsing-sddl-strings.aspx