I'm currently using LogonUser. If I were to use SSPI I think I could validate the account, but I also need to impersonate the user. The reason is the service uses a connection string and I want to encrypt the connection string using the data protection api (DPAPI). So, I log in as the service account, impersonate, make sure I can connect to the database with that account, create the connection string, encrypt it using DPAPI, then revert to the original context. It works fine except for the fact that I need the SE_TCB_NAME privilege and from what I can tell unless you run elevated that privilege is not granted. When I do add/remove programs and do change, I don't get a UAC prompt, and the Immediate Actions are definitely not running under an elevated user context, which I need them to do.
I could side step the issue completely if anyone has any good ideas for transferring database logon credentials to the service account (we have to support sql auth credentials from the service to our database). Brooke Philpott, Senior Technical Lead, SQL Sentry, Inc. P: 704.895.6241 x228 | F: 704.895.8771 | E: bphilp...@sqlsentry.net | B: brooke.blogs.sqlsentry.net -----Original Message----- From: Eric St.John [mailto:eric.st.j...@hotmail.com] Sent: Thursday, May 14, 2009 11:21 AM To: wix-users Subject: Re: [WiX-users] UAC prompt on feature modification after installation A quick search turned up this KB, not sure if it will help.http://support.microsoft.com/kb/180548 -Eric > Date: Wed, 13 May 2009 16:16:26 -0500 > From: bphilp...@sqlsentry.net > To: wix-users@lists.sourceforge.net > Subject: [WiX-users] UAC prompt on feature modification after installation > > When I do a fresh install I'm using a bootstrapper to launch the msi > with admin rights so I can perform a LogonUser call in order to validate > the account used during the execution phase for the service. I want to > do that validation up front so I don't get an error during the execution > phase which would roll back the whole install. Everything works fine > except today I noticed if I go to change in Add/Remove programs it > doesn't elevate. So, when I go to the UI page where I enter in the > credentials I get an error that I can't impersonate because I don't have > those privileges with my current token. > > > > Is there a way to elevate upon change in add/remove programs? Is there a > better way to do the account validation to begin with? > > > > -Brooke > > ------------------------------------------------------------------------ ------ > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users _________________________________________________________________ Hotmail(r) has ever-growing storage! Don't worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tut orial_Storage1_052009 ------------------------------------------------------------------------ ------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
