C ++ MSI程序包管理特权 [英] C++ MSI Package Administative Privileges
问题描述
这是我遇到的问题,
我有一个C ++应用程序,该程序通过将数据写入.txt文件运行,并且我想为该应用程序创建MSI程序包.
当我构建并运行我的应用程序时,一切都很好,但是当我运行MSI安装文件时,所创建的应用程序确实获得了正确的运行特权.
即使我将它们包含在软件包中并将它们设置为系统文件,我也找不到允许应用程序写入所需的.txt文件的方法.
如果我以以管理员身份运行",一切都很好,但这并不是很合理,因为我需要它在以用户身份运行"时起作用.
无论如何,安装时是否会提示用户以同意具有管理员权限的安装,因此不必在每次启动提示前手动完成.
任何能让我的代码再次运行的事情都很棒,谢谢.
长期写作 :要求应用程序提升运行状态(链接可能已过时-此处有一些有关如何执行此操作的信息(项目符号2).在当今时代,这种方法已经不被接受了,但是它会起作用.警惕您的ACL权限不要太紧,以防万一您写入新文件,请在写入操作期间删除旧文件,然后将新文件重命名为旧名称-除了文件之外,还需要创建文件写得很明显-NTFS中有非常细粒度的控件. GenericWrite应该可以解决我的问题.
某些链接(连接松动,添加起来便于检索):
Here is the issue that I am having,
I have a C++ application that runs by writing data to .txt files and I want to create an MSI Package for the application.
When I build and run my app all is fine but when I run my MSI Setup File the created application does get granted the correct privileges to function.
I can't find a way to allow the app to write to the .txt files needed even if I include them in the package and set them as system files.
If I "Run as administrator" all is well but that isn't really plausible as I need it to function while "Running as User".
Is there anyway to prompt the user while installing to agree to an install with admin rights, so it doesn't have to be done manually before a prompt each launch.
Anything that can get my code running again would be brilliant, thanks.
Longer Writeup: System.UnauthorizedAccessException while running .exe under program files (several other options in addition to the ones listed below).
Per-User Folder: I would think you should install the files in question to a per-user folder (writeable for user - for example My Documents), or as templates to a per-machine folder (not writeable for normal users - for example %ProgramFiles%) and then have your application copy the templates from the per-machine location to the current user's My Documents folder - for example. Then you write to the files there - where a regular user will have write access. I suppose you could also write to a network share which is set up for users to have access.
Elevation: It is possible, to require the application to run elevated (link might be outdated - for .NET it is slightly different), but this is a horrible approach for something as simple as writing to text files. I would never require such elevation. Elevated rights are pervasive, and you don't want your application to run with the keys to the city - you become a hacker target and bugs in your tool become armed and dangerous.
ACL Modification: It is also possible to install the text files to a per-machine location and apply ACL permissioning to them so that they are writeable for regular users even if they don't have elevated rights. There is some information on how to do this here (bullet point 2). This approach is frowned upon in this day and age, but it will work. Be on the alert that your ACL permissioning shouldn't be too tight, in case you write to a new file, delete the old one and rename the new file to the old name during your write operation - you need file create in addition to file write obviously - there is very fine-grained control in NTFS. GenericWrite should do the trick I think.
Some Links (loosely connected, added for easy retrieval):
- Create folder and file on Current user profile, from Admin Profile
- Why is it a good idea to limit deployment of files to the user-profile or HKCU when using MSI?
- Create a .config folder in the user folder
这篇关于C ++ MSI程序包管理特权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
