50% OFF!!!

Wednesday, January 2, 2013

NSIS - Launch a program as user from UAC elevated installer

NSIS - Launch a program as user from UAC elevated installer
==========================================

I noticed that if a program is running as UAC elevated (admin or high user privileges), 
any opening process by this process will get the same privileges as the executing program,
which means, that any process opened by this UAC elevated program will be elevated also.

I found a solution for it, for opening the process UN-ELEVATED from ELEVATED running program.
I show this information as for NSIS installer, but can be used in ANY development environment (C#, NSIS, C++, JAVA, VB, and any).

The idea is to run the process in UN-ELEVATED mode, using windows's file explorer process `explorer.exe` (info).
Lets say the process that we want to launch is on `$TEMP\MyUnElevatedProcess.exe`.
So, for NSIS code, I will just write:

Exec '"$WINDIR\explorer.exe" "$TEMP\MyUnElevatedProcess.exe"'

And this will do the work...
The process `MyUnElevatedProcess.exe` will run with same ELEVATION that have your windows login, as have `$WINDIR\explorer.exe`.


Execute with parameters:
In addition, if the UN-ELEVATED process need to executed with parameters, you will need to create another file that executes the UN-ELEVATED process (for example a BATCH file which just run the process with the command line parameters).
a good example can be:
; assuming that the file `MyUnElevatedProcess.exe` exists on `$TEMP\`

; create shortcut with ARGUMENTS
CreateShortCut "$TEMP\Shortcut.lnk" "$TEMP\MyUnElevatedProcess.exe" "/arg1 /arg2 /arg3"

; execute the file NON elevated
Exec '"$WINDIR\explorer.exe" "$TEMP\Shortcut.lnk"'


Remember,
if your main program (the executing), is not ELEVATED, this logic is not relevant, because then you can just run `Exec` (open-process function in NSIS) which will have the same elevation as your process.

I hope it helps,
MDB-BLOG