Return-Path: Delivered-To: apmail-httpd-packagers-archive@www.apache.org Received: (qmail 96042 invoked from network); 19 Sep 2007 06:13:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Sep 2007 06:13:16 -0000 Received: (qmail 25297 invoked by uid 500); 19 Sep 2007 06:13:07 -0000 Mailing-List: contact packagers-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: packagers@httpd.apache.org Delivered-To: mailing list packagers@httpd.apache.org Received: (qmail 25285 invoked by uid 99); 19 Sep 2007 06:13:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Sep 2007 23:13:07 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [64.202.165.183] (HELO smtpauth03.prod.mesa1.secureserver.net) (64.202.165.183) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 19 Sep 2007 06:13:06 +0000 Received: (qmail 1307 invoked from network); 19 Sep 2007 06:12:44 -0000 Received: from unknown (24.15.193.17) by smtpauth03.prod.mesa1.secureserver.net (64.202.165.183) with ESMTP; 19 Sep 2007 06:12:43 -0000 Message-ID: <46F0BDDB.9000400@rowe-clan.net> Date: Wed, 19 Sep 2007 01:12:43 -0500 From: "William A. Rowe, Jr." User-Agent: Thunderbird 1.5.0.12 (X11/20070719) MIME-Version: 1.0 To: packagers@httpd.apache.org, jschwart@windows.microsoft.com Subject: Re: help with Vista UAC issues [was: Looking for Vincent Bray] References: <46CA5E02.30501@rowe-clan.net> <46CB1B52.8020809@rowe-clan.net> In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org > From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net] > > Jon Schwartz (NT) wrote: >> Bill, >> >> It looks like the issue actually boils down to mismarked custom actions in the package. Specifically, the following custom actions are marked to run on behalf of the user (i.e., non-elevated), rather than on behalf of the machine (i.e., elevated): >> >> Custom Action Current Type "Promoted" Type (i.e., elevated equivalent) >> ---------------------------------------------------------------------------------------------------------------------------------- >> SelfRemoveService 1106 3154 >> SelfStopService 1106 3154 >> InstallConfFiles 1602 3650 >> RemovePriorService 1618 3666 >> SelfInstallService 1618 3666 >> SelfStartService 1746 3794 >> StartApacheMonitor 1746 3794 >> >> (Note that SelfStartService and StartApacheMonitor only require elevation since interactive users don't have SERVICE_START permissions on the service) FYI, I followed all of these changes, but decided to retain StartApacheMonitor, the user can't be allowed to have that impersonating the localsystem in their userspace, it's a security consideration because from there, they may launch the full SCM, connect to remote machines, etc. Suffice it to say, if they install as-user, and want to administer rather than just view the world through ApacheMonitor, they will need to grant appropriate permissions. Bill