Open GoogleCodeExporter opened 8 years ago
If we switch PeerBlock over to be a Windows Service instead of just an app, this
should allow us to startup under different user-credentials and we should no
longer
require Admin rights.
Original comment by peerbloc...@gmail.com
on 23 Jun 2009 at 2:35
Original comment by peerbloc...@gmail.com
on 24 Jul 2009 at 5:48
Perhaps gives users the option during install o configure PeerBlock to run as
either
a service, or an application?
Original comment by unknownp...@gmail.com
on 5 Sep 2009 at 6:40
I would prefer to make this decision on install-time since a) PB has already
admin-right at this point and b) is already in the "install-mood" (means: it
installs
files right in that moment - why not install the service, too?)..
Original comment by Eagle3...@gmail.com
on 5 Sep 2009 at 7:30
[deleted comment]
Removing 'After1.0' release-targetting.
Original comment by peerbloc...@gmail.com
on 29 Sep 2009 at 3:58
This is a long-term project, requiring a rewrite of much of the core code.
This will
be the basis for our PeerBlock 2.0 release.
Original comment by peerbloc...@gmail.com
on 29 Sep 2009 at 4:02
Original comment by peerbloc...@gmail.com
on 30 Sep 2009 at 4:21
Huh? Is this still the case?
Original comment by frederic...@gmail.com
on 4 Oct 2009 at 5:38
Yes, we still require admin privileges in order to run - this is why a UAC popup
appears when you run the program under Vista/7, which is what prevents us from
running at Windows startup (and from running under non-Admin user accounts).
Original comment by peerbloc...@gmail.com
on 6 Oct 2009 at 7:25
Why not consider to do it like Steam does? - AFAIK, they run a
(background-)service
with admin-rights and the "real" application runs with the user's rights..
Original comment by Eagle3...@gmail.com
on 6 Oct 2009 at 8:05
Yup, that is the plan!
Additionally, the "real" app will be able to (optionally) run the service within
itself, for example for use in a "Portable" environment or if a user wants the
entire
thing to be an App and not a Service for whatever reason.
Original comment by peerbloc...@gmail.com
on 6 Oct 2009 at 8:07
Well, that doesn't leave room for any further wishes on this, doesn't it? ;)
Original comment by Eagle3...@gmail.com
on 6 Oct 2009 at 8:36
Updating the bug description to make it easier to find when skimming through the
buglist. In addition to helping remove the Admin requirement, implementing
PeerBlock
as a Windows Service will also let us more-easily start with Windows, and work
better
in a multi-user environment.
Original comment by peerbloc...@gmail.com
on 30 Oct 2009 at 2:44
[deleted comment]
[deleted comment]
I know this topic has been dated, but I don't see why peerblock has to be
running as a
windows service. Can't users just doubleclick the icon to start it? If it is
running
at boot, then that is going to be alot of IP addresses that has to be allowed
so that
the user can run any other software. Like surf the net or run messengers or
anything
else.
I like unknownp...@gmail.com response.
Original comment by majinsn...@gmail.com
on 17 Jan 2010 at 9:17
Convenience.
And servers. It's a hundred times easier to not need to remote desktop in and
start
running stuff on a server of yours than to just have it start itself.
Original comment by gtad...@gmail.com
on 17 Jan 2010 at 9:26
also for multi-user environments, including restricted users.
Original comment by nathan.v...@gmail.com
on 17 Jan 2010 at 9:43
It needs to be a service in order to run/install a kernel level driver into the
net
stack. In order for restricted users to get any benefit from it it will have to
be
started by an Admin or by Windows its self...
A restricted user will have full access to the UI once we have it running as a
service there by making it possible to disable or re enable it at will.
Original comment by mynameherebro
on 17 Jan 2010 at 11:20
I remember a way on Vista to set up an application which requests to be
elevated to
run just smoothly _without_ the elevation prompt.. I even remember that it was
possible to achieve this without third-party tools - though, I don't remember
who to
do it exactly.. :(
Original comment by Eagle3...@gmail.com
on 18 Jan 2010 at 8:53
@Eagle3386: Is the task scheduler what your thinking about?
http://www.peerblock.com/userguide/how_to_use/htu-useraccountcontrol
Original comment by nightstalkerz
on 18 Jan 2010 at 8:59
Not exactly what I meant, but even better from what I've read so far - good
solution
(for the meanwhile), thanks a lot! :)
Original comment by Eagle3...@gmail.com
on 18 Jan 2010 at 9:09
It seems to me PeerBlock should still be able to run on a normal user if the
properties have been set on the exe for it to run with admin privileges for all
users. Correct me if I am wrong on that.
I had a quick look at the source and it's running IsUserAnAdmin() and if they
aren't
the message appears and the program exits. I would think this function is
returning
false even if the user has run the specific exe with elevated privileges
because they
are still under a normal account overall? Could this be adjusted?
I may be wrong on this just thought I would ask something no one seems to have
yet.
It would still be better as a service but this would be a stop gap solution.
Original comment by PeterTho...@gmail.com
on 4 Mar 2010 at 10:03
@PeterThorpe 81:
The properties of the executable define who has rights to access the file.
Administrators typically already have permissions. However, when run the
executable
is assigned a security token derived from the current user account. The
standard
user needs a way of communicating between the user-mode executable and the
system
driver. This is normally mediated via a system-level service. The reason
PeerBlock
currently shows a message box is because further actions would fail due to the
lack
of the administrative token.
Original comment by petercha...@dsl.pipex.com
on 7 Mar 2010 at 1:29
@ petercha...@dsl.pipex.com
I'm not sure you understood what I meant by changing the properties. I didn't
mean
the security properties to give read, write modify access...
I meant on the compatibility tab of the exe -> change settings for all users
button
-> Privilege Level tick Run this program as administrator.
This should run the program with an administrator token as far as I know and has
solved similar issues for me before. I think it's the actual code detecting the
user
account (IsUserAdmin()) causing the issue as you can't get past the dialog.
Original comment by PeterTho...@gmail.com
on 8 Apr 2010 at 9:55
I don't have that option in XP SP3 on file properties > Compatibility options.
You
might be confusing it with creating a shortcut to an executable and setting
advanced
properties to run it with a different credential. Or perhaps the shift-right
click,
Run As... dialog. This is in effect what I have to do each time I boot my
machine,
since I don't run my desktop account as administrator. However, to see the icon
in
the system tray I have to elevate my own account to administrator first for the
token, then run PeerBlock, then return to standard user. As I software engineer
I can
assure you that the IsUserAdmin() check there is for good reason. I'm still
waiting
for the architectural changes needed to separate PeerBlock's user-mode
interface from
its kernel-mode driver.
Original comment by petercha...@dsl.pipex.com
on 9 Apr 2010 at 6:58
@petercha...@dsl.pipex.com It's a vista and windows 7 menu on the exe properties
added in to work around standard users and all the user account control stuff.
The
good thing about it is you can set it for all users permanently so that
particular
program will run with admin privilege from then on no matter what their own
privileges.
I know there is a reason for the IsUserAdmin, admin is required for the level of
access the program needs to block ip addresses. Im implying it isn't working
correctly in this instance as it is detecting the users privilege not the
programs
privilege which are elevated.
Original comment by PeterTho...@gmail.com
on 12 Apr 2010 at 12:25
Certainly something that should be improved in PeerBlock then. It's always best
to
check the individual security specifics needed against the current module's
token
rather than the current user's group membership.
Original comment by petercha...@dsl.pipex.com
on 12 Apr 2010 at 6:52
(Guys I posted this in Peerblock forum but also posting here to increase
visibility)
Use SuRun (Free):-
http://kay-bruns.de/wp/software/surun/
Once installed, restart and add your username under the SuRunners Group Tab.
Then add PeerBlock (e.g. "C:\Program Files\PeerBlock\peerblock.exe") as an
allowed
program.
Under "Program options", choose:-
"Automatically start this program with elevated rights and never ask for a
password"
Under SuRuns Execution hooks, choose:-
"Start the program Automagically with elevated rights".
SuRuns also allows you to hide itself from a normal user account.
Disclaimer:- I am not affiliated with the software, or publisher. However I have
found this to be the most elegant solution to running Peerblock under a limited
account.
Original comment by lyny...@gmail.com
on 24 May 2010 at 3:19
Thank you lynysys for pointing out the program of my dreams! Brilliant stuff :)
Original comment by petercha...@dsl.pipex.com
on 24 May 2010 at 5:08
I tried SuRun. Installer runs asking for admin permission and then nothing
else.
Processes closes and nothing happens. :(
Guess it does not work with Win7 x64.
Original comment by war59312
on 24 May 2010 at 11:36
no idea how to star this but it's a huge issue for me!!
Original comment by agent.s...@gmail.com
on 30 Sep 2010 at 2:18
The tutorial on PB website that @nightstalkerz mentioned earlier still works
just fine. At least on my Win7 Pro x64 based system, using PG 1.1.
Follow the tutorial :
http://www.peerblock.com/userguide/how_to_use/htu-useraccountcontrol
But keep in mind this :
1) On the [General] tab the "When running the task, use the following user
account" Choose a user account with Administrative privileges other than the
actual 'Administrator' account (a user that belongs in the Administrator
Group).
2) Now the tricky part is on the [Trigger] Tab the "Start in (optional)" must
be the path of PB ex. "C:\Program Files\PeerBlock" without quotes.
Restart your PC and watch PB start up :)
No third party apps, no need to run PG as an Administrator or alter the
compatibility options. In anticipation of PG 2.0 this seems like a plan to me.
Original comment by sava...@hotmail.com
on 23 Nov 2010 at 9:19
When PeerBlock arrives as a service - can please do the following;
a) UI is capable of connecting to a peerblock service running on another
machine (so us server admins can use one UI instance to look after our servers)
OR
b) UI should talk to the service on the local machine and provide an MMC snapin
allowing admins to look after peerblock on multiple servers.
To support this the inter-process communication method chosen between the UI
app and the service app will need to be securable and remotable (so in all
probability - skip shared memory files and opt for named-pipes IMHO)
Great application by the way
Original comment by Demented...@gmail.com
on 5 May 2011 at 1:08
a) UI is capable of connecting to a peerblock service running on another
machine (so us server admins can use one UI instance to look after our servers)
^^ I Love it..
Peerblock is a great program, but i've got it doing various things on different
VMs. This would be awesome for me, :)
Original comment by Matt2...@gmail.com
on 22 Jun 2011 at 11:42
Original issue reported on code.google.com by
peerbloc...@gmail.com
on 23 Jun 2009 at 2:35