Opened 13 years ago
Closed 13 years ago
#173 closed defect (fixed)
Windows (Vista, 7, 2008) Shell Extensions - need grants escalation
| Reported by: | arioch_bdv | Owned by: | Christian Franke |
|---|---|---|---|
| Priority: | minor | Milestone: | Release 5.42 |
| Component: | all | Version: | 5.40 |
| Keywords: | windows | Cc: |
Description
Windows Vista features UAC - user access control
By default application are denied grants, needed to access raw hardware, including reading SMART, more so for running SMART tests
The shell exension needs to take this into account and run them in "elevated" mode
Maybe tools like might be used
http://www.ntwind.com/software/utilities/hstart.html
Change History (8)
comment:1 by , 13 years ago
| Milestone: | → Release 5.42 |
|---|---|
| Owner: | changed from to |
| Status: | new → accepted |
follow-up: 7 comment:2 by , 13 years ago
| Priority: | major → minor |
|---|
Would the following possibly work?
- Add a
smartctl.exe.manifestwhich requests admin rights upon startup. - Add a
--pauseoption to Win32 smartctl. If specified, smartctl prompts and waits for a key before exit likepausebatch command does. - Change installer such that shell extensions no longer use smartctl-run.bat but call smartctl.exe directly.
comment:3 by , 13 years ago
this generally has a watershed question: does SmartCtl *always* need to run elevated, or only for some tasks ? since it gives Warnings, that "running non-elevated may reduce functionality", i read it that some basic monitoring functions does not require beeing elevated and knowing Admin loginname/password
comment:4 by , 13 years ago
If ATA pass-through or SMART I/O-controls are unavailable, smartctl uses IOCTL_STORAGE_QUERY_PROPERTY to read part of the IDENTIFY data and IOCTL_STORAGE_PREDICT_FAILURE to read SMART status and attributes (without thresholds). This works without admin rights but doesn't support other features like logs and self-tests. It works for (S)ATA devices but not for USB.
So smartctl should be run elevated if possible.
follow-up: 6 comment:5 by , 13 years ago
afair, there is no "if possible" in standard Windows shell.
Either program requests be elevated - and denied launching if user denies elevation, or the program does not ask for elevation - and whould always be launched low priority.
Implementing "if possible" would be much more work :-)
comment:6 by , 13 years ago
| Keywords: | windows added |
|---|
Replying to arioch_bdv:
afair, there is no "if possible" in standard Windows shell.
With level="highestAvailable" in manifest the app should be run elevated (after UAC prompt) for members of admin group and without elevation (and no prompt) for normal users.
The only drawback is that an admin cannot select "No, but run without elevation" in UAC prompt. A workaround would be to provide another copy of smartctl.exe (e.g. smartctlu.exe) with level="asInvoker" in manifest file.
comment:7 by , 13 years ago
I tested suggestion from above on Win7 with level="highestAvailable" in smartctl.exe.manifest. It works as expected for users in admin group: After "yes" in UAC prompt smartctl is run in a new console with admin rights.
Existing tools would help. But we will not rely on non-free closed-source tools like Hstart.