Should check for necessary access

[flowchartsman]

In keeping with the zero-surprises mode of thinking, deadman should detect, at startup, whether or not it is capable of shutting down. On *nix systems, this means checking whether or not it has superuser access. On windows, further research is required.

[omern1]

on windows, every thing will be resolved by using the win32 api because it has functions for all of the things that are issues here.

[flowchartsman]

In order to figure out exactly which calls to make, I'll need to not only know which DLLs are involved, but also the permission names/UUIDs and such that are involved. If you can point me in the right direction of finding out if a given user has shutdown privileges, it would be much appreciated. All I know as of now is that the local security policy of a windows box can restrict it. As to how to check... not there yet.

[omern1]

A better idea would be to force the application to run only with administrative privileges by embedding a manifest.

[flowchartsman]

Good idea. Maybe using this: http://github.com/akavel/rsrc

Care to submit one?

Sent from my iPhone

On May 8, 2015, at 5:35 AM, Nabeel Omer [email protected] wrote:

A better idea would be to force the application to run only with administrative privileges by embedding a manifest.

—
Reply to this email directly or view it on GitHub.

[omern1]

Care to submit what? A manifest?

[flowchartsman]

Yes.

Sent from my iPhone

On May 9, 2015, at 1:26 AM, Nabeel Omer [email protected] wrote:

Care to submit what? A manifest?

—
Reply to this email directly or view it on GitHub.

[omern1]

Sure.

[omern1]

<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

This is a manifest that will force the user to provide administrator credentials and the application will run elevated. Its 100% correct and working (I know that for certain because I copied it from one of my own applications).
PS. I believe, now I am a contributor :)

[flowchartsman]

I'll test and make sure that the tool I've got embeds the necessary manifest, and that it works. If all goes well, what you can do if you want to get on the contributors list is the following:

1. Fork the repo.
2. make a directory assets/windows
3. place this file there with a suitable filename like require_admin.xml
4. check it in with a decent commit message
5. issue a pull request.

Then, my friend, you'll be listed as a contributor.

[omern1]

Hahaha, Thanks.

[omern1]

What's Up Andy, stopped all development?

[flowchartsman]

Nope. Working on an event-based branch to remove the need for polling.

[omern1]

That is a tough job. Especially in windows. You need a message only window. Anyways, did you try the manifest?

[flowchartsman]

I actually completed it with a callout to powershell and System.Management.WqlEventQuery and System.Management.ManagementEventWatcher. It's unpolished at the moment, but it works. All Win32_PnPEntitys seem to show up on add and remove. No, I have not yet tried the manifest. I will try and get to it tonight.

[omern1]

Have you updated the repository?

[flowchartsman]

You will receive an alert when I do.

[omern1]

Something wrong?

[flowchartsman]

Unix checks still outstanding. This appears to work for Windows. I also gave it a more meaningful name. You also didn't create an assets directory like I asked, but I think it will be okay in the base directory with the new name.