[sword-devel] BibleCS Installer: HKCU vs HKLM
paraclete at bibleinverse.org
Tue Feb 14 08:20:52 MST 2006
> If you do the leg work, I'll incorporate it. But at some point we need to
> do a release. And at that point whatever is solid will make the cut and be
> used. We can still work on it for the next release.
I did some more research, and the more you look, the more complicated it
seems to get. I'm ready to punt and proceed with the assumption that they
need admin priv ... to both install and run.
The problem doesn't look like it will go away. My impression is that more
and more the guidance is to run with least privilege because that prevents
most malware from being able to do their damage.
>> However, you may be correct that a limited user will have problems
>> writing to C:\Program Files ..... which presents a big problem. On my
>> test computer, the C:\Program Files was created by my normal Admin
>> account, which may prevent a subsequent limited user account from writing
>> to it .... that might not be the case if the C:\Program Files was created
>> on a computer that didn't have a previous Admin account established.
> I don't think that it matters. If it can't be written to on some machines,
> but because of how the user upgraded to their current os, then we
> shouldn't use that location.
> That would be a show stopper. There must be an alternative location for a
> limited user.
I didn't find any .... that does seem like a show-stopper. The WinXp Logo
requirement calls for installation to C:\Program Files, and being able to
run as a limited user. Files like userpref.conf, options.conf, and other
writable .conf files are supposed to go in C:\Documents and
Settings\[CurrentUser]. It may be that the Microsoft .msi installer would
need to be used to accomplish that.
If we didn't have 1.5.6 (and earlier) legacy, it perhaps might be worth
wrestling with, but reinstalls to the existing location put the
difficulty/effort/complexity beyond something I have
time/experience/aptitude to work on. Sorry (and also for bringing up the
issue without realizing the implications and thus slowing down progress).
>> There will probably be similar issues with SWORD_PATH ... a limited user
>> can probably set this environment variable for just themselves, not all
> Hopefully, WriteEnvStr has all that figured out. But we should check.
I think you are correct.
More information about the sword-devel