马克微星所以它运行高架管理员帐户 [英] Mark MSI so it has to be run as elevated Administrator account

问题描述

我有一个CustomAction作为MSI的一部分。

I have a CustomAction as part of an MSI.

它必须运行的，这也是本地Administrators组的成员帐户的域帐户。

It MUST run as a domain account that is also a member of the local Administrators account.

它不能使用NoImpersonate标志运行自定义操作作为NT Authority\System因为它不会再获得访问网络资源。

It can't use the NoImpersonate flag to run the custom action as NT Authority\System as it will not then get access to network resources.

在Vista中/ 2008启用UAC如果NoImpersonate是关闭的，然后它会运行作为执行用户，但与在无特权标记，并没有得到访问本地资源，如.installState。 见UAC架构

On Vista/2008 with UAC enabled if NoImpersonate is off then it will run as the executing user but with the unprivileged token and not get access to local resources such as .installState. See UAC Architecture

任何人都知道的方式为

• 强制MSI以同样的方式与提升令牌运行，从提升的命令提示符下运行呢？

• Force the MSI to run with the elevated token in the same way that running from an elevated command prompt does?

强制CustomAction运行升高（清单中requireAdministrator似乎没有工作）？

Force the CustomAction to run elevated (requireAdministrator in manifest doesn't appear to work)?

如果启用UAC，如果它没有被跑升高，如果是警告或取消安装？

Work out if UAC is enabled and if it hasn't been ran elevated and if so warn or cancel the installation?

推荐答案

回答我的问题任何其他贫困S0D看着这一点。

Answering my own question for any other poor s0d looking at this.

• 您不能添加一个清单给MSI。你可以添加一个Setup.exe或引导程序壳微星和明显与requireAdministrator但违背了一些使用MSI的地步。

• You can't add a manifest to an MSI. You could add a SETUP.EXE or bootstrapper to shell the MSI and manifest that with requireAdministrator but that defeats some of the point of using an MSI.

添加清单到CustomAction因为它是从msiexec.exe的跑也不行

Adding a manifest to a CustomAction does not work as it is ran from msiexec.exe

我已经解决了这一问题的方法是设置 MSIUSEREALADMINDETECTION 属性设置为1使特权条件的实际工作，并添加对于特权一个启动条件，提供有关通过运行一个错误信息。提升的命令提示符，然后退出安装

The way I have tackled this is to set the MSIUSEREALADMINDETECTION property to 1 so the Privileged condition actually works and add a Launch Condition for Privileged that gives an error message about running via an elevated command prompt and then quits the installation.

这有愉快的副作用 - 当MSI从提升的命令提示符递延CustomActions都跑了作为当前用户跑一个完整的管理员令牌（而不是标准的用户令牌），而不管 NoImpersonate 设置

This has the happy side effect - when an msi is ran from an elevated command prompt deferred CustomActions are ran as the current user with a full Administrator token (rather than standard user token) regardless of the NoImpersonate setting.

详细信息 - 的 http://www.microsoft.com/downloads/details.aspx?FamilyID=2cd92e43-6cda-478a-9e3b-4f831e899433

- 我已经把剧本这里让你添加的MSIUSEREALADMINDETECTION财产作为VS没有做到这一点的能力和逆戟鲸的痛苦。

- I've put script here that lets you add the MSIUSEREALADMINDETECTION property as VS doesn't have ability to do it and Orca's a pain.

这篇关于马克微星所以它运行高架管理员帐户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！