Re: DllRegisterServer and NT security

---

• From: "Mark Yudkin" <myudkinATcompuserveDOTcom@xxxxxxxxxxxxxx>
• Date: Fri, 16 Sep 2005 07:48:17 +0200

---

No, there is no way a user can defeat the system security. But I really
suspect that you question isn't "how do I defeat security", but "how do I
install and upgrade my application without requiring an administrator to be
present?". And that's a totally different question.

A user can be empowered to be allowed to install or upgrade a program - and
that installation will run with elevated privileges (via a service). The
technology involved is called Microsoft Installer (MSI), the empowering is
called advertising. Installer creation tools such as InstallShield (that's
the one you mentioned) or Wise make the creation of the whole functionality
easy. InstallShield also supports an "updater service" to address the
auto-update requirement (I don't know Wise).

"Andy DF" <nospam@xxxxxxxxxx> wrote in message
news:432926cf$0$8478$5fc30a8@xxxxxxxxxxxxxxxxxx
>I have an autoupdate app that I use to deploy updates of my apps to end
>users.
> The application is DllRegisterServer capable in case I need to
> deploy/update an ActiveX dll/ocx.
>
> Code found here has been used for dynamic registering/unregistering of COM
> objects:
> http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=46775&lngWId=1
>
> Just recently I've run into the security issue with Win NT and above.
> If the user updating the application doesn't have administrative rights,
> DllRegisterServer will fail, and the whole updating process will end up in
> a mess.
>
> Is there a way, thru VB code, to momentarely gain administrative rights to
> perform registration of COM objects?
>
> TIA,
> Andy
>


.

---

• References:
  • DllRegisterServer and NT security
    • From: Andy DF

• Prev by Date: Re: DllRegisterServer and NT security
• Next by Date: Re: Automating Fax In Windows
• Previous by thread: DllRegisterServer and NT security
• Next by thread: DllRegisterServer and NT security
• Index(es):
  • Date
  • Thread

---

Relevant Pages The Big Ol Ubuntu Security Resource ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ... (microsoft.public.windowsxp.general) The Big Ol Ubuntu Security Resource ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ... (microsoft.public.windowsxp.general) Critical Alert Update - W32.Slammer ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ... (microsoft.public.sqlserver.security) Critical Alert Update - W32.Slammer ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ... (microsoft.public.security) [security bulletin] HPSBUX02108 SSRT061133 rev.14 - HP-UX Running Sendmail, Remote Execution ... SUPPORT COMMUNICATION - SECURITY BULLETIN ... This bulletin will be revised as other versions of Sendmail become available. ... install revision B.11.23.01.003 or subsequent, ... Security Bulletins via Email: ... (Bugtraq)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)