I created a windows service that runs a program on windows startup, but with this solution the program runs without administrator privileges. However, if I run the program by click on the program's shortcut on the Start menu, it runs with administrator privileges
I used this code to run the program:
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(program_name, out procInfo);
So how to run this program with administrator privileges?
Thanks
To run as administrator (program)
Right click and choose "Run as administrator" (one-time / ad hoc)
or right click and choose properties > Compatibility > check "Run this program as administrator" (set it permanently; can also be handy for setting this property on a shortcut (which is basically what Start menu items are))
To not run as administrator (service)
For services, to make it not run as an admin, open the services snap in (run services.msc from command prompt) and right click to edit properties of the service, then update the user info on the "Logon" tab.
UPDATE
It looks like you've used some code from a CodeProject article that wraps the Windows API function CreateProcessAsUser (http://www.codeproject.com/Articles/35773/Subverting-Vista-UAC-in-Both-and-bit-Archite). Make sure you read that article and follow the steps. You may not have set the correct user on the service, or your current user may not have correct perms, or may not be a member of Administrators, etc.
Related
Project:
We have created an electron application that is shipped to our users (mostly using Windows) using an NSIS installer built with electron-builder.
Scenario:
Our users are companies who install our application into the "C:\Program Files" folder on a Windows Terminal Server for all of their staff. The staff - who is using our software and sees the related update notification after a new release - most of the times can not install the update because of a lack of necessary permissions.
Question:
We would like to not only solve the above problem but even go one step further: We would like our app to update itself silently. What possible solutions are there to make this possible in a scenario like the above?
If you do per-user installs instead then normal users will of course be able to write to the directory.
Another option is to switch to MSI. A signed MSI package can be patched by normal users without UAC elevation. This is called User Account Control (UAC) Patching.
A third option is to create a NT service that runs the installer. Services can be configured so that normal users can start them. A scheduled task might also work.
In Visual Studio 2015 Source Control Explorer I select the options Add Items to Folderand then finish
However I then get an error
Multiple errors occured during the operation, the first of which is displayed below. A full error list is available in the Output WindowsThe >
item$Folder/ProjectFolder is locked for check-out Myusername in workspace MypreviouslaptopName
MypreviouslaptopName was formatted. How am I able to unlock it. I'm using the same username but different computer.
When right click on the folder in Source Control Explorer, the unlock feature is disabled. Lock is enabled.
If I click locked but it won't as it says it is already locked by my user on the previous machine.
I didn't have Admin access to TFS so was unable to unlock it.
Get Admin access or ask someone who has
team foundation sidekicks has a sidekick that will let you break a lock.
Alternatively, in your case, you could have deleted your old workspace from another laptop by using the "show remote workspace" checkbox on the manage workspaces window.
We have one of our build projects that modifies the registry on the build machine (don't ask me why) and it needs to be done as administrator.
Is there some way to run msdev from the build agent as "administrator"?
We're using TFS 2012, soon to move to TFS 2013.
- Bruce
Add the build service account to the local Administrators group
Even though it's late - adding to Vian's answer, adding the account to the local Admin groups is probably the way to go here. Someone who is an Admin on the computer will have to do this.
In the start menu type in "User". It will come up as "Edit Local Users and Groups". Click on that.
In the window that just opened, Under Groups -> Administrators (double click to edit properties of Admin Group). Add the Build Machine Account.
I have a bunch of F# scripts (fsx) that I use for my basic deployment needs. I just right click them and say "Run with F# interactive"
However, sometimes the script fails and I would like to keep the interactive console running. So far I haven't figured out a nice way to achieve that.
I tried starting up the fsi.exe manually but then how can I launch my script from there?
If you are hackish enough, you may want adding just another Explorer context menu item similar to Run with F# Interactive, but keeping the console window open after .fsx script terminates. Here is the working outline of how to achieve this for Windows7/VS2012:
being admin open regedit and find the key HKEY_CLASSES_ROOT\VisualStudio.fsx.11.0\shell
add new subkey with some unique name, like openRunCmd, make (Default) value for this key whatever you like to see in context menu, maybe Run with Fsi in shell
finally, add subkey HKEY_CLASSES_ROOT\VisualStudio.fsx.11.0\shell\openRunCmd\command and set (Default) value for this subkey to the following line:
c:\windows\system32\cmd.exe /Q /K %%USERPROFILE%%\fsx.bat "%1"
Now, close regedit, go to your home directory and create there a batch file fsx.bat with the following line:
"C:\Program Files (x86)\Microsoft SDKs\F#\3.0\Framework\v4.0\Fsi.exe" --quiet --exec "%1"
After these mods you would be able to click on any .fsx script with right mouse button, pick Run with Fsi in shell and have the shell window staying after script termination until you close it. With few small adjustments the same approach would work for VS2010.
Just be careful to adjust details, if your system settings differ from ones above. Good luck!
Update: For those who want to try this at home or at work I've posted a detailed walk-through here.
#load "myScipt.fsx";;
should work I think. But myself i prefer just to have separate console window (cmd.exe), from which i can run fsi myScipt.fsx and see the output.
I have created a windows shortcut with
Target:
cmd /k "C:\Program Files (x86)\Microsoft SDKs\F#\3.1\Framework\v4.0\Fsi.exe" deploy.fsx
Start in:
C:\FolderContaningFsxScript
This keeps the window open if the script fails so I can see any compile errors. It also keeps the window open if the script runs successfully which might or might not be desirable.
I find it easier to just click the shortcut instead of Right Click > Run with F# Interactive. I think a batch file with the above command would work as well.
After much messing around I've got CI implemented onto our test server. A custom workflow template builds and deploys 2 web apps (different servers), a database and a windows service. This is brill and takes all the worry out of deploying a test app.
I want to move this over to staging and live (queued manually), but doing it like this the TFS service account would need permissions on IIS for the web apps, DBOwner on the database and local admin on the service box. This is a big no-no for our tech guys!
What we could do is just give these permissions before we run the build and remove afterwards, but this means maintaining a list of what permissions to change where - ruining the convenience of one-click deployment a bit.
Ideally we'd just get the build to run using the account of the tech services guy whos got admin network-wide, is there a way to do that?
Yes you can do that via the TFS Administrator Console.
If you haven't configured your build machine, then you can choose the user during the configuration phase. You should see a Configuration Wizard page that allows you to choose a user account like this:
If your build machine is already configured, go to your build machine, then run %PROGRAMFILES%\Microsoft Team Foundation Server 2010\Tools\TfsMgmt.exe, then go to "Build Configuration", click at "Properties" link of the Build Service to open the Properties dialog, then click "stop to make changes" on the dialog, and you can change the account from the built-in account to a user one: