C# 标记 MSI,因此它必须作为提升的管理员帐户运行
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/304353/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Mark MSI so it has to be run as elevated Administrator account
提问by Ryan
I have a CustomAction as part of an MSI.
我有一个 CustomAction 作为 MSI 的一部分。
It MUST run as a domain account that is also a member of the local Administrators account.
它必须作为域帐户运行,该帐户也是本地管理员帐户的成员。
It can't use the NoImpersonate flag to run the custom action as NT Authority\System as it will not then get access to network resources.
它不能使用 NoImpersonate 标志以 NT Authority\System 身份运行自定义操作,因为它随后将无法访问网络资源。
On Vista/2008 with UAC enabled if NoImpersonate is off then it will run as the executing user but with the unprivilegedtoken and not get access to local resources such as .installState. See UAC Architecture
在启用了 UAC 的 Vista/2008 上,如果 NoImpersonate 关闭,则它将作为执行用户运行,但使用非特权令牌并且无法访问本地资源,例如 .installState。参见 UAC 架构
Anyone know of a way to either
任何人都知道一种方法
Force the MSI to run with the elevated token in the same way that running from an elevated command prompt does?
Force the CustomAction to run elevated (requireAdministrator in manifest doesn't appear to work)?
Work out if UAC is enabled and if it hasn't been ran elevated and if so warn or cancel the installation?
强制 MSI 以与从提升的命令提示符运行相同的方式使用提升的令牌运行?
强制 CustomAction 运行提升(清单中的 requireAdministrator 似乎不起作用)?
确定 UAC 是否已启用,是否未提升运行,如果是,则警告或取消安装?
采纳答案by Ryan
Answering my own question for any other poor s0d looking at this.
为任何其他可怜的 s0d 回答我自己的问题。
You can't add a manifest to an MSI. You could add a SETUP.EXE or bootstrapper to shell the MSI and manifest that with requireAdministrator but that defeats some of the point of using an MSI.
Adding a manifest to a CustomAction does not work as it is ran from msiexec.exe
您无法向 MSI 添加清单。您可以添加一个 SETUP.EXE 或引导程序来外壳 MSI 并使用 requireAdministrator 显示它,但这会破坏使用 MSI 的某些要点。
向 CustomAction 添加清单不起作用,因为它是从 msiexec.exe 运行的
The way I have tackled this is to set the MSIUSEREALADMINDETECTIONproperty to 1 so the Privileged condition actually works and add a Launch Condition for Privilegedthat gives an error message about running via an elevated command prompt and then quits the installation.
我解决这个问题的方法是将MSIUSEREALADMINDETECTION属性设置为 1,以便特权条件实际起作用,并为特权添加一个启动条件,该条件给出有关通过提升的命令提示符运行的错误消息,然后退出安装。
This has the happy side effect - when an msi is ran from an elevated command prompt deferred CustomActions are ran as the current user with a full Administrator token (rather than standard user token) regardless of the NoImpersonatesetting.
这有一个愉快的副作用 - 当从提升的命令提示符运行 msi 时,无论NoImpersonate设置如何,延迟的 CustomActions 都以具有完整管理员令牌(而不是标准用户令牌)的当前用户身份运行。
More details - http://www.microsoft.com/downloads/details.aspx?FamilyID=2cd92e43-6cda-478a-9e3b-4f831e899433
更多详情 - http://www.microsoft.com/downloads/details.aspx?FamilyID=2cd92e43-6cda-478a-9e3b-4f831e899433
[Edit] - I've put script here that lets you add the MSIUSEREALADMINDETECTION propertyas VS doesn't have ability to do it and Orca's a pain.
[编辑] - 我已经把脚本放在这里,让你添加 MSIUSEREALADMINDETECTION 属性,因为 VS 没有能力做到这一点,而 Orca 很痛苦。
回答by Peter Crabtree
requireAdministrator in the manifest should work.
清单中的 requireAdministrator 应该可以工作。
You can also use a bootloader .exe file which can use ShellExecute with "RUNAS" as the verb (you can use 7-zip to create the bootloader, or there are many other ways).
您还可以使用引导加载程序 .exe 文件,该文件可以使用 ShellExecute 和“RUNAS”作为动词(您可以使用 7-zip 来创建引导加载程序,或者有许多其他方法)。
回答by Mohammadreza
You can creating a simple sfx archive file for msifile with Winrar and these options:
您可以使用 Winrar 和以下选项为 msi文件创建一个简单的sfx 存档文件:
Setup tab > Run after execution input: your msi file name
Advanced tab > Mark Request Administrative accessoption checkbox
设置选项卡 >执行后运行输入:您的 msi 文件名
高级选项卡 > 标记请求管理访问选项复选框
