I would like to know, is there out there any library, any, that can make it possible that when i run processes that require the administrator in windows, that window called UAC (User Access Control) pops up.
For example, i want to install my java application in a computer that will be used by multiple users, this program needs to store settings using the Java Preferences API inside windows registry, I can access individual prefs, but i cannot access system prefs from any user account.
Please and please, do not tell me to change the user from standard to administrator, let us just say i am to there where the computer client is and the user knows nothing about changing their account, the system will require elevation per user. Please help and thank you in advance. And if u do not know any library, please don't say it is not possible.
Windows does not let "parts" of an application run as an administrator. Either the entire process runs as an administrator, or the entire process runs as a standard user.
If your standard-rights users need to be able to access something, which by default only Administrators can access, then you have two choices:
1. During install, change permissions on these system-wide settings, so that all users can access them.
You've said that all users should be allowed to modify these Java settings. So you should modify permissions controlling access to these application settings so that all users can modify them. I don't know where Java stores things, but i assume it is in a file somewhere.
2. Create a button to temporarily allow users to modify these settings.
You say that all users should be allowed to modify these machine-wide settings. But i assume you're nervous about actually allowing that. In which case you actually don't want all users to modify these machine-wide settings. That is why you can have your application function most of the time as normal.
But when it comes time to do something that requires administrative access, you can use the Windows function ShellExecuteEx to launch a copy of your application as an administrator by using the runas verb, and passing a command line parameter indicating that the program should jump right to modifying the admin-only stuff:
ShellExecute(0, "MyApp.exe", "runas", "/configureMachineWideStuff")
Then during application startup look for the /configureMachineWideStuff command line switch, and bring the user straight to the spot where they can alter the admin-only stuff.
You can even get fancy, and detect if the user is an administrator or not. And if not, use the Windows API to programatically add the UAC shield icon to your configure button:
SendMessage(button.Handle, BCM_SETSHIELD, 0, 1);
But to answer your question
No, there is no library. What you are asking to do is not possible on any computer running any operating system.
But i strongly urge you to think:
What do you do on Windows XP?
What do you do when the user is a standard user running on Windows XP? What do you want if the UAC is disabled on Windows Vista/7/8/8.1? Is the user simply stuck; unable to run your application? Does it crash horribly when it cannot read the machine-wide values? Who alters the values then?
The UAC is a convenience feature; it's only there to make your user's lives easier. The alternative is that the user must logoff and login as an Administrator.
And since you've said that the only are a standard user, then they don't know the credentials of any administrator.
So you're back to using Option #1: Alter NTFS permissions, or registry permissions, during application install. If Users need Full Control, then give Users the Full Control privileges.
Related
I am writing a program in java for an embedded linux platform. One of the OS features I need has to run as root to get access. The platform I am using is the BeagleBone Black and I want to control the Gpio pins using a memory map. I have access to the memory map and can switch the pins on and off at a very fast rate. The problem is, I don't want my program to have to run as super user, at least it doesn't seem right to implement it that way.
Is there a standard technology in linux that will run as root and let a user program make calls to it?
I know there must be, I just don't know what it is. Any help would be appreciated.
What you want to do is to drop privileges. Instead of having any process running as root for the duration, this allows a process to start as root, open resources, and then change to a different, unprivileged user. You'll still need to start the program as root, which can be done with a setuid script so that you don't need the user to be root already to run it. (This is done with other programs, like sudo.)
You can open the file as root, and then change the uid of the program to an unprivileged user (presumably the user that started the program). Take a look at this answer to see how to drop privileges in Java using JNI, and this answer for more information about a robust way to drop privileges in general.
I am developing an e-commerce web application, and in that ads from other giants pop up. I figured out that this is done by PriceFountain, which is actually a spyware. I found the steps to remove that from my laptop. more found here.
but the problem is my clients can also have this adware. I want to programmatically do following or either of them, on the client side:: (and if it is not possible at least inform the user to do so)
If, PriceFountain is present, uninstall it from their system. If it is an add-on, remove that.
Activate the pop-up blocker (deactivation can be achieved through javascript and jquery). But I want to activate. My site does not need pop-ups.
Alter the registry of user for the contents of PriceFountain.
I know this is somewhat an unethical hack, but can this be achieved and if so, how?
More of that, it is just my curiosity can we affect client site settings.?
You used to be able to do that (with jscript/vbscript) in IE if and only if the user added your site to his trusted sites (and allowed pretty much everywhere there), or if it was the intranet-site with relaxed permissions.
Back in the old day's I had such a thing for the intranet-help-site where users could browse through the faq and click on the 'execute solution' button for the common 'problems' (previously solved and added to DB).
For rather obvious security-reasons this is no longer the case (although one can still pull some stuff in legacy IE environments).
The point is: you can't do this on other browsers then IE (unless maybe you'd develop separate plug-ins for them and ask your users to install something that will essentially give you access to their whole machine). Realize that effectively what you are asking for is a way to fully control the user's machine. Would you install such a browser (on your parents pc)?
The best course of action would be to face-up, inform your users on your main-website (enter-page) that something bad spread throughout an ad-network and guide them through the steps (that you already found) necessary to relieve them from their problem.
Even if what you asked was possible, you'd still need the user's cooperation somewhere along the way, even if you'd were to write an application for this that the users could download and run (administrative/elevated)..
Good Luck!
EDIT: for the registry you might try something with the answers in this question: read/write to Windows Registry using Java
Still, you'd still need the user's co-operation.
I have a Java application that lives in the system tray that I compile to a executable jar file. I would like to add the option within my program to add to the system startup items.
As I do not know of any uniform way to do this for all operating systems I assumed I would have to write code to do it for each one I intend to support so I started with Windows.
When I attempted to add it to the registry at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] using the code available here I discovered that under Windows 7 and 8 unless I have administrator privileges (by running from an elevated command prompt) my edits to the registry do not apply.
Then I spent a day trying to figure out how to get the Jar to relaunch itself with admin privileges before I gave up on that hacky workaround.
Can the task I'm trying to achieve even be accomplished and if so how?
For the most part, you're actually looking to add the feature of auto starting on user login, rather than on system startup. For windows, if you add the registry entry under:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This location does not suffer from permissions issues when run as an ordinary user, and has been supported for a long time under Windows (I'm thinking Windows 95 time frame here), so should be a safe change across all systems.
For Linux, assuming that the operating system is following the Open Desktop AutoStart specification, then you need to create the appropriate .desktop file in $HOME/.config/autostart/ and it should autostart on login in that case.
For Mac OS X, you need to create a launch agent plist in $HOME/Library/LaunchAgents. The Daemons and services documentation details how to construct this file.
Working around user privileges is not a good idea. The registry entry is the preferred way to go. Also keep in mind that the jar by itself is not executable, it requires the jvm, so what you might want to do is use a wrapper and register that.
I'd like to programmatically launch an application (a second JVM) from a Java app using JNA.
Please note that I can't :
add a Windows manifest to the JVM (minimal impact on the client)
use right click "runas administrator" (clicking "Allow" in the UAC dialog will be complicated enough)
I've seen other Questions with answers that states "use an exe" like Java: run as administrator but I was wondering if anybody tried this using JNA
To start an application with elevated privileges, you have to use ShellExecute and pass "runas" as the value of lpOperation parameter. This method does not require you to modify the JVM to add manifest to it. This behaves as if user right-clicked the application and selected Run as administrator command.
Note: on Windows XP, you should not use "runas" because it prompts for user credentials.
Is it possible to ask for elevated permissions from within a Java Application? Suggestions I've seen seem to all be centered around running an external executable or setting up a manifest to request privileges on launch. These aren't available to, for instance, applets. Is there any way to request elevation from a running application?
UAC is not something that a running process can request (doesn't matter what language you are running in). You have to request elevation at launch time.
The way that most windows apps handle this (and make it look like they are requesting elevation) is to spawn an extra copy of themselves, requesting elevation, and passing sufficient command line arguments to the new process so that the appropriate dialog can be displayed.
This is why UAC elevation in a dialog is always initiated by a button click that opens a new dialog.
So, in the Java world, you just have to do exactly what everyone else has to do: launch your app again, requesting elevation. There are several ways to launch elevated, the 'run as' verb probably being the easiest.
Looks like Sun will have to handle that kind of situation in the JRE since there's no other way of doing elevated actions than by running an external process.
If JRE supported it, JVM would probably have to run a separate, elevated process for the java code requesting the elevation.
For now however, only the manifest or running an external application are the only solutions available as far as I know.
The question is, what do you need elevation for?
You have to use an external (native) application to do this. This post provides source code and a great explanation:
UAC Prompt From Java
You could use jna and do a ShellExec. For lpOperation use "runas" (this is not documented). Since you likely need the full path to the (current) JavaVM which is stored in the registrylook at registry access, part of JNA.
Goto the folder where java is installed.
open the properties of javaw.exe / java.exe and set "run as administator" option true.