run as a service (UAC and user permissions)
Posted: Tue Mar 02, 2010 6:03 pm
There are a few issues with Vista/Windows 7 in that Everything requires administrator permissions to run, requiring a UAC dialog when loaded.
While it's possible to work around this using the task scheduler, it's an incomplete solution. For instance, when using the Explorer integration to search a folder from the context menu, a UAC prompt will come up.
An additional issue I've noticed is that if you do a search for an executable, then run that executable from the Everything window, it will inherit Everything's user permissions. That is, it will run with administrator privileges, which is probably NOT what you intended. While I realize this isn't a common use scenario, there have been a few times where I've used Everything to track down a seldom used program and then launched from the search results for convenience. This has the possibility of creating an unexpected security hole.
I'd like to see at the minimum a change so that executables are explicitly launched with standard privilege level unless specified otherwise (e.g. a context menu option to run as administrator).
Even better would be for Everything to run as a service rather than as a standard user application. The service would be responsible for the indexing and returning search results, and would only require UAC elevation on first install. The user would then interact with a non-elevated application that functions as a UI client, passing search requests to the service and displaying the results. Since the client runs without elevation, there are no UAC issues or unexpected executable elevations.
While it's possible to work around this using the task scheduler, it's an incomplete solution. For instance, when using the Explorer integration to search a folder from the context menu, a UAC prompt will come up.
An additional issue I've noticed is that if you do a search for an executable, then run that executable from the Everything window, it will inherit Everything's user permissions. That is, it will run with administrator privileges, which is probably NOT what you intended. While I realize this isn't a common use scenario, there have been a few times where I've used Everything to track down a seldom used program and then launched from the search results for convenience. This has the possibility of creating an unexpected security hole.
I'd like to see at the minimum a change so that executables are explicitly launched with standard privilege level unless specified otherwise (e.g. a context menu option to run as administrator).
Even better would be for Everything to run as a service rather than as a standard user application. The service would be responsible for the indexing and returning search results, and would only require UAC elevation on first install. The user would then interact with a non-elevated application that functions as a UI client, passing search requests to the service and displaying the results. Since the client runs without elevation, there are no UAC issues or unexpected executable elevations.