Re: Simple method to block outgoing traffic



Duane Arnold wrote:

Limited User Access.

Well is anybody following it?

That doesn't change anything about what's reasonable and what's not.

Exactly. When some software definitely requires Admin rights for its
job, then I have no problem running the installer. Active Ports however
does not.

I beg to differ as below you will notice the registry keys that are being
made for Aports that were gotten from the uninstall.log. Now, unless a
Limited user account has the rights and can make changes to the registry
that most likely it can't do, then Aports has to be installed with an
installer that's running under Admin rights.

Or am I missing some thing here?

You're missing that there's no need for installer to make those changes
at all, and at least graceful degradation could be assumed. And actually
there's no need for the installer at all, except some user experience

Signature=VISE

And yes, even the VISE installer crap has support for LUA.

[WinNT]
AdminPrivileges=1

Just enter a 0 here and it works fine. You'll get some errors on the
trial of writing some values, but you can simply press the Ignore button
and continue.

For the same reason I ported the complete Photoshop installation to
Limited User access , which was a big and dirty hack - but I worked.

And not in any shop that I have been in as a programmer.

Well, that's sad. In most cases simply replacing FULL_ACCESS with
MAXIMUM_ALLOWED in all fopen() calls and replacing all HKLM with HKCU
solves almost any problem.

Now, if anything had to be installed on a machine
that the user didn't have admin rights, then someone from Tech Support that
had Admin rigths came to the machine or logged on remotely and did the
install of the software.

That's the usual consideration, due to efficiency, as long as it doesn't
create any privilege escalation vulnerabilities. Photoshop does.

Well, I did it once and ported it to every other machine. And maybe I
should write a tutorial + script collection and publish it at the
intarweb for all those poor admins out there.
.



Relevant Pages

  • Re: Word v. X update
    ... I installed without admin rights, but the 10.1.9 updater wants ... /Applications, or the installer thinks that it might be, it justifiably ... polluting your working environment. ...
    (microsoft.public.mac.office.word)
  • Re: Word v. X update
    ... I installed without admin rights, but the 10.1.9 updater wants ... installed Word in my User account, ... It just seems strange that an update installer would ask for something ...
    (microsoft.public.mac.office.word)
  • Error 1706 when User tries to open Office applications
    ... Lanwench (in General newsgroup) gave me the solution to ... Give the user admin rights then run each ... Windows application once. ... The Windows installer ...
    (microsoft.public.win2000.applications)
  • Re: Word v. X update
    ... I installed without admin rights, ... polluting your working environment. ... installed Word in my User account, ... It just seems strange that an update installer would ask for something ...
    (microsoft.public.mac.office.word)
  • Re: Simple method to block outgoing traffic
    ... then I have no problem running the installer. ... Now, unless a Limited user account has the rights and can make changes to the registry that most likely it can't do, then Aports has to be installed with an installer that's running under Admin rights. ... You're not a programmer that's obvious nor does it seem that you have ever been in a Tech Support role. ...
    (comp.security.firewalls)