From: "Houder" <houder@xs4all.nl>
To: cygwin@cygwin.com
Subject: Re: Baffled: is it Cygwin (64-bits) or Windows that causes the invocation of regedit (from bash) to fail?
Date: Mon, 12 May 2014 17:31:00 -0000 [thread overview]
Message-ID: <a65de848a5c26a9d9fdf14a79f989849.squirrel@webmail.xs4all.nl> (raw)
In-Reply-To: <20140512125054.GC2436@calimero.vinschen.de>
Hi Corinna,
Thank you for sharing your expert knowledge!
>> Consequently, I decided to investigate why I got the denial (64-bits Cygwin) at my end.
>>
>> First of all, some more info about my "environment":
>>
>> - I am using Cygwin from Windows 7 ...
>> - I am using Cygwin from an administrative account ...
>> - furthermore, using secpol.msc, I have set the ConsentPromptBehaviorAdmin field in
>>
>> HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System (key in registry)
>>
>> to zero, meaning 'elevate without prompting'
>
> Doesn't matter. The problem is that elevating is a special procedure,
> requiring a special form of ShellExecuteEx function, which doesn't
> integrate well with the requirements of POSIX fork/exec. Therefore
> Cygwin never calls ShellExecuteEx to fork/exec an application, rather it
> calls CreateProcess/CreateProcessAsUser, both of which don't provide a
> way to elevate a process. Therefore, to elevate a process from a Cygwin
> shell, the shell must already run elevated (e.g., right click on "Cygwin
> Terminal" -> "Run as Administrator...").
>
> What's really annoying: RegEdit's mainfest does not request "asAdmin"
> rights. Rather it only requests "MaximumAllowed". One would think this
> means that a CreateProcess call would simply continue with the current
> permissions of the user. Not so, unfortunately.
Interesting! I can assure you that I am UNfamiliar grounds here :-)
But how do you explain, that I can invoke regedit from 32-bits Cygwin, using
an UNelevated bash?
(both /drv/c/Windows/regedit and /drv/c/Windows/SysWOW64/regedit)
(Sorry, I will look into that myself :-)
Henri
-----
@ stat_uac
The values of the fields are currently:
1. ConsentPromptBehaviorAdmin 0x0
2. ConsentPromptBehaviorUser 0x1
3. EnableInstallerDetection 0x1
4. EnableLUA 0x1
5. EnableSecureUIAPaths 0x1
6. EnableUIADesktopToggle 0x0
7. EnableVirtualization 0x0
8. PromptOnSecureDesktop 0x1
9. ValidateAdminCodeSignatures 0x0
10. FilterAdministratorToken 0x0
@@
=====
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2014-05-12 17:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-10 13:42 Houder
2014-05-10 14:11 ` Chris J. Breisch
2014-05-12 12:50 ` Houder
2014-05-12 12:51 ` Andrey Repin
2014-05-12 17:13 ` Houder
2014-05-12 13:01 ` Corinna Vinschen
2014-05-12 13:15 ` Shaddy Baddah
2014-05-12 13:23 ` Corinna Vinschen
2014-05-12 18:47 ` Houder
2014-05-12 17:31 ` Houder [this message]
2014-05-13 15:10 ` Houder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a65de848a5c26a9d9fdf14a79f989849.squirrel@webmail.xs4all.nl \
--to=houder@xs4all.nl \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).