'Execute as Administrator' inconvenience 1

[SitesMasstec]

Hello colleagues!

I distribute applications (stand alone .EXE files) created with Visual FoxPro 9.

Despite the fact that I warn my users to 'Execute as Administrator' in order to execute the applications normally, they sometimes forget this advice and got error from Windows.

Is there a way to avoid this unconvenience? Something I (as a developer) can do in Visual FoxPro project or in InstallShield Express for VFP during SETUP.EXE creation?

If not, can the user do something just once in order to execute the appplication without having to 'Execute as Administrator'?

Thank you,
SitesMasstec

 

[Mike Lewis]

I'm not sure about this, but could it be as simple as ticking the "Run this program as adminstrator" box in the EXE's property sheet (on the Compatibility page)?

This is a sticky setting, so a given user only has to do it once.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

 

[Gerrit Broekhuis]

Hi,

For normal operation administrator privileges should not be required. I’ve used it sometimes for registering DLL’s or adding/changing registry entries, but this is not a daily routine for most applications and users.

Perhaps you can explain why you think this is necessary? What errors do you get when you start as a “normal” user? I guess the experts on this forum will be able to assist.

Regards,
Gerrit

 

[Olaf Doschke]

It's not clear for which functionalities you need elevated permissions for every run of the application.

ActiveX controls and COM Servers only need registering during setup and setups always run elevated, so it's not normal to need elevated permission.

A use case for an application needing permanent administrative elevation is, of course, administrative software. About OS administration, not about the administration of your application or database, as that normally will not need any OS related privileges.

So what does not run, if the EXE does not run elevated?

And yes, you can require administrative elevation with an embedded manifest. Not long ago I talked about this and you find the description of how to add that requirement here:

https://west-wind.com/wconnect/weblog/ShowEntry.blog?id=890

You only need to follow the part of the article captioned "Force your application to run in administrative mode"

With a manifest modified that way your application will not automatically gain elevated permissions, it will just automatically ask for them, so users of the administrative group need to confirm wanting to run the EXE elevated, normal users will be prompted for login as an administrator, that can't be forgotten this way, but normal users will not be able to run such applications, so the better goal is to only need elevation for some one time registrations of eg ActiveX, COMServers. But I don't know what you're doing, that needs an Administrator. If you store the database within the application directory, you can either tell Installshield to install that into AppData folder readwrite for everyone or specify a subdirectory of your application directory is writable for say the group of computer users.

When you create your setup you'll have a preview of files as they will be on the target computer, right click there on folders and files and look into the options you have about setting permissions, which are applied during setup. That way you won't need elevation just to write into files inside the /Program Files/Yourapp directory.

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[Olaf Doschke]

This is important, therefore I write this separate.

If you run an application elevated, there are ways you undermine the security of the system. Since your process is elevated you can, for example, see more files in the file open dialogs of your application and also act on them. That's a good enough reason to only go that route if your application really needs these privileges.

There are system folders foreseen to store data, documents and other things not needing elevation, for example, so an application needing to write in the application folder should never be necessary.

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[SitesMasstec]

When the user run the application normally (NOT as Administrator) the error is:

"Cannot execute. In use by another process"

I will read the article "Force your application to run in administrative mode" cited above by Olaf.




Thank you,
SitesMasstec

 

[Olaf Doschke]

You'll need to tell more than just the error, which code is causing it.
Error handling will tell you and very likely you know what resource you want to use.

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[SitesMasstec]

Olaf:

All my different applications (about 10) report the same error (error number 1705), but when the users "Run as Administrator" the applications run normally.




Thank you,
SitesMasstec

 

[Gerrit Broekhuis]

Probably you have similar code in all your 10 applications, so personally I would like to know then what is causing this error. Do you have an errorhandler in place? What is the exact code causing this error? Perhaps we may be able to solve the actual problem instead of looking at elevation to mask your application’s erratic behavior.

Regards,
Gerrit

 

[SitesMasstec]

Guerrit:

This is the code on the initial program: (I leave out some lines of code for the purpose of displayinh it here)

SET DEBUG OFF


SET SYSMENU OFF

SET PRINT OFF
SET DEVICE TO SCREEN

*
SET DATE BRITISH
SET CENTURY ON

SET TALK OFF
SET SAFETY OFF
SET EXCLUSIVE OFF
SET CONFIRM OFF

SET DELETED ON

SET BELL TO 2048, 1

SET SEPARATOR TO "."
SET POINT TO ","

SET SECONDS OFF
SET HOURS TO 24

SET PROCEDURE TO SUBROT


PUBLIC YRSTAT, YRCODI, YRNOME, YRCLAS, YRCALO, YRVALI, YRARMA
PUBLIC YROR(20), YRCO(20), YRNO(20), YRQT(20), YRUN(20), YRVR(20)
PUBLIC YRCUST, YRUNID, YRREND, YRPPER, YRCUNI, YRFMUL, YRPRVE, YRDATA
PUBLIC YRFOTO

PUBLIC YRPREP


PUBLIC POSITITX    && Posicao de um titulo (para centralizacao)

PUBLIC CONTAERRO      && Contador de erros
CONTAERRO=0



DEFINE WINDOW TelaPadrao IN SCREEN;
	FROM 0,0 TO 54,200;
	FONT 'Courier New',12 STYLE 'B';
	FOOTER '<F2> pesquisa insumos no Estoque';
	COLOR RGB(0,51,153, 204,204,204), RGB(0,51,153,  255,255,255)



* Erros
DEFINE WINDOW MostraErro IN SCREEN;
	FROM 5,10 TO 21,115;
	FONT 'Arial',11;
	STYLE 'B';
	TITLE 'Mensagem de erro' HALFHEIGHT;
	PANEL;
	COLOR RGB(255,255,255,  255,0,0), RGB(0,0,0,  255,255,255)
* --------------------------------------------------------------------------
*               Definicao de teclas e eventos

ON KEY LABEL F8 DO MANUALREC     && Abre o Manual do sistema em navegador
ON KEY LABEL F9 DO SUPORTE

ON ERROR DO ERROS WITH ERROR(), MESSAGE(), MESSAGE(1)

* --------------------------------------------------------------------------


SET PROCEDURE TO SUBROT


PUBLIC Impressora, ImprExt, Papel, PapelExt, ImprNormal, ImprCompact, NLinhasPad


REDE="Nao"

IF REDE="Sim"
	SET EXCLUSIVE OFF                 && LAN command 1/2
	SET REPROCESS TO AUTOMATIC        && LAN command 2/2
ENDIF

* ---------------------------
* --- USUARIOS  FICTICIOS ---
* ---------------------------
EMPRUSUA="COZP"

* ---------------------------------------------------------------------------------------
* ------------------------  U S U A R I O S   F I C T I C I O S  ------------------------
* ---------------------------------------------------------------------------------------
IF EMPRUSUA="COZP"    && teste
	EMPRESA="C O Z I N H A    P A U L I S T A"

	RazaoSocial="COZINHA PAULISTA BAR E RESTAURANTE LTDA."
	CNPJuridica="CNPJ 07.854.881/0001-55"
	EnderEmp="Rua das Palmeiras, 452  Sao Paulo   SP"

	EMPRLOGO ="COZPAUL4.BMP"       && Para a tela inicial - bege
	EMPRLOGOP="COZPAUL2.BMP"       && para impressao
	EMPRLOGOB="COZPAUL4.BMP"       && Para a tela principal - bege
*                                     Letra usada para escrever Cozinha Paulista:
*                                     Napa SF    Negrito    26
	REDE="Nao"
	CadExclu="N"         && aceita cadastrar sobre codigo excluido ?

	LimitaUso="S"
	DataLimite=CTOD("30/06/2019")
	Demo="S"
ENDIF
* ---------------------------------------------------------------------------------------
* ---------------------------------------------------------------------------------------


SISTEMA="SISTEMA CADASTRO DE RECEITAS"

POSICAO=INT((95-LEN(EMPRESA))/2) + 1
POSICA2=INT((95-LEN(SISTEMA))/2) + 1


* ++++++++++++++++++++++++++  Senha alternativa  +++++++++++++++++++++++++++
PUBLIC DefSen(5)
PUBLIC NOVASEN1, NOVASEN2, NOVASEN3, NOVASEN4, NOVASEN5
SIGLSIS="REC"
DefSen(1)=SISTEMA
DefSen(2)="RECEITAS - DADOS FINANCEIROS"
DefSen(3)=" "
DefSen(4)=" "
DefSen(5)="DEFINICAO DE SENHAS"




SET EXCLUSIVE OFF                 && LAN command 1/2
SET REPROCESS TO AUTOMATIC        && LAN command 2/2


	QuerConfig="Nao"
	DO CONFIREC

DO WHILE .T.

	_SCREEN.WINDOWSTATE=2
	_SCREEN.CLOSABLE=.F.
	_SCREEN.CAPTION="Sistema Cadastro de Receitas"
	_SCREEN.ICON="LANCHE.ICO"


	ACTIVATE WINDOW TelaPadrao
	CLEAR
	DO LIMPATELA WITH 30

	STORE 0 TO T
	STORE 10 TO CO

IF QualModoCadastro="C"
*================================
	ON KEY LABEL F2 DO MOSTREST    && (procedure em SUBROT.PRG)
*================================
*================================
	ON KEY LABEL F4 DO MOSTRTAC
*================================
ENDIF


* ----------------------------------------------------------------------------------------------------

	POSICAO=INT((90-LEN(EMPRESA))/2) + 1
	POSICA2=INT((90-LEN(SISTEMA))/2) + 1

	IF SUBSTR(CNPJuridica,1,4)="CNPJ"    && Somente imprimira logotipo se Usuario for empresa
		@ 1,2 SAY EMPRLOGO BITMAP
	ENDIF

	@ 2, POSICAO SAY EMPRESA
	@ 4, POSICA2 SAY SISTEMA
	@ 8,63 SAY 'versao: 5.40 (W)'
	@ 9,63 SAY "   release " + ReleLimi


	OK="X"
	DO WHILE OK<>SPACE(1) AND OK<>"S"
		OK=SPACE(1)
		@15,16 SAY ' Tecle <enter> p/ entrar no programa, S p/ sair ' 
		@15,23 SAY "<enter>" COLOR RGB(0,128,0)
		@15,54 SAY "S" COLOR RGB(255,0,0)		
		@15,64 GET OK PICTURE '!'
		READ

		IF OK="S"
			CLOSE DATABASES
			DEACTIVATE WINDOW TelaPadrao
		ENDIF
		
	ENDDO

	DEACTIVATE WINDOW TelaPadrao

	DO FORM MENU2REC   
	
ENDDO

Thank you,
SitesMasstec

 

[Olaf Doschke]

ON ERROR DO ERROS WITH ERROR(), MESSAGE(), MESSAGE(1)

Really, that's all you display?

Even just the help topic of ON ERROR error will show you that you can also get the information PRGOGRAM() and LINENO().
Besides AERROR and ASTACKINFO even tell more details.

And I already gave you error handling including these: thread184-1777466

The most important besides the error message, where the error happened. This way you only know the error is somewhere in all that code.

You're using SET EXCLUSIVE OFF, notice this is a per session setting, OFF by default in runtime, only ON at design time.

But it might just be your in your development environment keeping some files open exclusive, especially if your project includes the exact database your users work on later, when you program inhouse for a company. If you do so, you have to consider having separate development and test databases. Or database folders, if you only work on free DBFs.

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[SitesMasstec]

Dear colleagues:

I had took out some tens of lines of code in my post above, I thought to be useless for this purpose, BUT, after reading more carefully your advices here, I think I should post part of the code I took out:

ARQUIVO="C:\WDOXREC"
CREATE TABLE &ARQUIVO FREE (WDOX CHARACTER(36))

The default diretory for the application to be installed is C:\Program files(x86)\WRECEITAS

After installation, when the application is executed for the first time it creates a file in the main folder C: and create in it the WDOXREC.DBF file.

May it be the command that requires "Execute as Administrator"?

This creation is for control of use time limitation, so it is important.

Thank you,
SitesMasstec

 

[Tore Bleken]

For security reasons no "normal" programs are not allowed to write to c:\program* folders, and not to root folders. I strongly suggest that you respect this limitation, which was introduced many years ago, for very good reasons. In other words, choose other folders!

 

[SitesMasstec]

Hello Tore!

So this is the problem!

That said, I have 2 doubts:
1) Can the application create the folder \MyLimit in the root folder C:, and then create the WDOXREC.DBF file inside the folder \MyLimit without the need of Administrator credentials?

2) The application is 32-bit. During installation in a 64-bit Windows, it will suggest the C:\Program files(x86) for installation. Even in this case the Administrator credentials are required?



Thank you,
SitesMasstec

 

[Olaf Doschke]

You're making it hard on yourself, when you want to write to C:\ directly. Simply don't do that.
Imagine the clutter of files, if everyone would write into root directories.

You can use environment variables of VFP to determine a good directory for all users: AddBs(GetEnv("ALLUSERSPROFILE"))+"Documents\YourApp\", for a single user: AddBs(GetEnv("USERSPROFILE"))+"Documents\YourApp\" and this will work from XP up to Win10.

There are other ways and more specific system folders, which not only vary from OS to OS, but even vary in the way to determine them For example only since Vista there are folder GUIDs to be used giving the concrete names of folders. But in your case it would be sufficient to make use of the GETENV() environment variables.

Bye, Olaf.





Olaf Doschke Software Engineering

https://www.doschke.name

 

[Olaf Doschke]

1) You can create foilders in root without admin permission, but this still is clutter, there are folders meant to be used to store application and/or user specific data and you neither create your own root files nor root folders.

2) Both Program Files folders are write-restricted, this is not a bitness dependent concept, this is a security dependent concept.

Read this to see what information you're lacking for over 10 years now:

http://doughennig.com/papers/Pub/Vista.pdf

Bye, Olaf.

Olaf Doschke Software Engineering

https://www.doschke.name

 

[Mike Lewis]

The sensible place to create a folder for storing your application's data is under the user's Application Data folder. That's what it's for. The usual convention is to create a sub-folder under Application Data for your company. And a sub-folder below that for each of your company's applications.

If you don't know how to locate the Applcation Data folder (its exact name and path varies with different versions of Windows), see here for some example code:

http://www.hexcentral.com/articles/foxpro-folders.htm

Mike



__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads