Impersonation Windows 7

dr_awol · 12th July 2012, 11:31

Im wondering is it possible to impersonate my admin user using nsis? I know the un and pw

do i need to call System.dll, how would i call the appropriate API functions?
sorry if this is a silly question but im new to nsis.

I will be logged in using with a standard user when running the installer

Its this the correct route i should be following?

http://forums.winamp.com/showthread.php?t=172544

Anders · 12th July 2012, 11:41

What is the goal? Why not just request admin rights like a normal installer?

dr_awol · 12th July 2012, 11:55

the installer is going to have to make updates by impersonating admin, admin has a password which the standard user will not have access to(Restricted User), so when i call RequestExecutionLevel admin,this brings up UAC requesting the admin password which the standard user will never know.

Is this possible with Nsis?

Afrow UK · 14th July 2012, 12:19

That post you linked has the code you want.

Stu

Anders · 14th July 2012, 12:44

Quote:

Originally Posted by Afrow UK

That post you linked has the code you want.

Stu

Just remember that impersonation is per thread (Will not affect CreateProcess, for that you have CreateProcess<AsUser|With[Token|Logon]> etc)

Afrow UK · 15th July 2012, 23:50

Yes and the code in Sections run in a different thread. So if you do impersonation in .onInit you will need to do it again in a first Section.

Stu

dr_awol · 16th July 2012, 10:31

First thing thank you for the replys, ive tryied to implement the code as below, but im still running into problems:

1st Massage box : i get Number: 227633266688 this is a random number:
2nd Massage box : i get Number: 25769803776
then i get an Error message "Error opening file for writing"

So i wondering if this is a permission thing? - not so sure of this as TestAdmin have full access rights on the c:\

PHP Code:


			
### User Impersanation 

!define USERNAME "TestAdmin"

!define DOMAIN "WIN-UJOVINKT6SI"

!define PASSWORD "password1"



!define LOGON32_LOGON_INTERACTIVE       2

!define LOGON32_LOGON_NETWORK           3

!define LOGON32_LOGON_BATCH             4

!define LOGON32_LOGON_SERVICE           5

!define LOGON32_LOGON_UNLOCK            7

!define LOGON32_LOGON_NETWORK_CLEARTEXT 8

!define LOGON32_LOGON_NEW_CREDENTIALS   9



!define LOGON32_PROVIDER_DEFAULT    0

!define LOGON32_PROVIDER_WINNT35    1

!define LOGON32_PROVIDER_WINNT40    2

!define LOGON32_PROVIDER_WINNT50    3



!define LogonUser "advapi32::LogonUserA(t, t, t, i, i, *l) l"

!define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(l)l"

!define RevertToSelf "advapi32::RevertToSelf() l" 





Section "App Applications" App_Applications



SetPluginUnload alwaysoff

System::Call '${RevertToSelf}.r0'

System::Call "${LogonUser}('${USERNAME}', '${DOMAIN}', '${PASSWORD}', ${LOGON32_LOGON_INTERACTIVE}, ${LOGON32_PROVIDER_DEFAULT}, .r2) .r0"

messagebox mb_ok $0

System::Call '${ImpersonateLoggedOnUser}(r2) .r0' 

messagebox mb_ok $0



  setOutPath $INSTDIR\App_Applications

      

    #Program Files

    file /r "C:\App_Platform\Output\Debug\" 



    System::Call '${RevertToSelf}.r0'

SectionEnd

Anders · 16th July 2012, 12:03

Should probably be
!define LogonUser "advapi32::LogonUser(t, t, t, i, i, *i) i"
(change l to i) and since it returns BOOL really anything nonzero is success (but it is very rare that BOOL returning functions use anything other than 0 and 1)

You should add ?e to the end of the command to get the windows error code.

...and finally, if someone really wanted to they could find the password (Debugger, decompile installer or look at the memory at the right moment in process explorer)

12th July 2012, 11:31	#1
dr_awol Junior Member Join Date: Jul 2012 Posts: 8	Impersonation Windows 7 Im wondering is it possible to impersonate my admin user using nsis? I know the un and pw do i need to call System.dll, how would i call the appropriate API functions? sorry if this is a silly question but im new to nsis. I will be logged in using with a standard user when running the installer Its this the correct route i should be following? http://forums.winamp.com/showthread.php?t=172544

12th July 2012, 11:41	#2
Anders Moderator Join Date: Jun 2002 Location: ${NSISDIR} Posts: 5,352	What is the goal? Why not just request admin rights like a normal installer? IntOp $PostCount $PostCount + 1

16th July 2012, 10:31	#7
dr_awol Junior Member Join Date: Jul 2012 Posts: 8	Error Opening File First thing thank you for the replys, ive tryied to implement the code as below, but im still running into problems: 1st Massage box : i get Number: 227633266688 this is a random number: 2nd Massage box : i get Number: 25769803776 then i get an Error message "Error opening file for writing" So i wondering if this is a permission thing? - not so sure of this as TestAdmin have full access rights on the c:\ PHP Code: ### User Impersanation !define USERNAME "TestAdmin" !define DOMAIN "WIN-UJOVINKT6SI" !define PASSWORD "password1" !define LOGON32_LOGON_INTERACTIVE 2 !define LOGON32_LOGON_NETWORK 3 !define LOGON32_LOGON_BATCH 4 !define LOGON32_LOGON_SERVICE 5 !define LOGON32_LOGON_UNLOCK 7 !define LOGON32_LOGON_NETWORK_CLEARTEXT 8 !define LOGON32_LOGON_NEW_CREDENTIALS 9 !define LOGON32_PROVIDER_DEFAULT 0 !define LOGON32_PROVIDER_WINNT35 1 !define LOGON32_PROVIDER_WINNT40 2 !define LOGON32_PROVIDER_WINNT50 3 !define LogonUser "advapi32::LogonUserA(t, t, t, i, i, l) l" !define ImpersonateLoggedOnUser "advapi32::ImpersonateLoggedOnUser(l)l" !define RevertToSelf "advapi32::RevertToSelf() l" Section "App Applications" App_Applications SetPluginUnload alwaysoff System::Call '${RevertToSelf}.r0' System::Call "${LogonUser}('${USERNAME}', '${DOMAIN}', '${PASSWORD}', ${LOGON32_LOGON_INTERACTIVE}, ${LOGON32_PROVIDER_DEFAULT}, .r2) .r0" messagebox mb_ok $0 System::Call '${ImpersonateLoggedOnUser}(r2) .r0' messagebox mb_ok $0 setOutPath $INSTDIR\App_Applications #Program Files file /r "C:\App_Platform\Output\Debug\" System::Call '${RevertToSelf}.r0' SectionEnd Last edited by dr_awol; 16th July 2012 at 10:56. Reason: setOutPath $INSTDIRApp_Applications = setOutPath $INSTDIR\App_Applications*

16th July 2012, 12:03	#8
Anders Moderator Join Date: Jun 2002 Location: ${NSISDIR} Posts: 5,352	Should probably be !define LogonUser "advapi32::LogonUser(t, t, t, i, i, *i) i" (change l to i) and since it returns BOOL really anything nonzero is success (but it is very rare that BOOL returning functions use anything other than 0 and 1) You should add ?e to the end of the command to get the windows error code. ...and finally, if someone really wanted to they could find the password (Debugger, decompile installer or look at the memory at the right moment in process explorer) IntOp $PostCount $PostCount + 1

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

12th July 2012, 11:55	#3
dr_awol Junior Member Join Date: Jul 2012 Posts: 8	the installer is going to have to make updates by impersonating admin, admin has a password which the standard user will not have access to(Restricted User), so when i call RequestExecutionLevel admin,this brings up UAC requesting the admin password which the standard user will never know. Is this possible with Nsis?

14th July 2012, 12:19	#4
Afrow UK Moderator Join Date: Nov 2002 Location: Surrey, England Posts: 8,434	That post you linked has the code you want. Stu

15th July 2012, 23:50	#6
Afrow UK Moderator Join Date: Nov 2002 Location: Surrey, England Posts: 8,434	Yes and the code in Sections run in a different thread. So if you do impersonation in .onInit you will need to do it again in a first Section. Stu