Running NSIS Setup with username and password

Question

How can i integrate userid and password in NSIS script which will enable to runas admin mode?

I have a simple NSIS Script which copy my application file to program files. This script works in admin mode. i have to install this on several machine with admin(Administrator) and password(CorpPass@2424) without giving UAC Dialog.

Sample Script

# This installs two files, app.exe and logo.ico, creates a start menu shortcut, builds an uninstaller, and
# adds uninstall information to the registry for Add/Remove Programs

# To get started, put this script into a folder with the two files (app.exe, logo.ico, and license.rtf -
# You'll have to create these yourself) and run makensis on it

# If you change the names "app.exe", "logo.ico", or "license.rtf" you should do a search and replace - they
# show up in a few places.
# All the other settings can be tweaked by editing the !defines at the top of this script
!define APPNAME "TEST App Name"
!define COMPANYNAME "TEST NAME"
!define DESCRIPTION "A short description goes here"
# These three must be integers
!define VERSIONMAJOR 1
!define VERSIONMINOR 1
!define VERSIONBUILD 1
# These will be displayed by the "Click here for support information" link in "Add/Remove Programs"
# It is possible to use "mailto:" links in here to open the email client
!define HELPURL "http://..." # "Support Information" link
!define UPDATEURL "http://..." # "Product Updates" link
!define ABOUTURL "http://..." # "Publisher" link
# This is the size (in kB) of all the files copied into "Program Files"
!define INSTALLSIZE 7233

RequestExecutionLevel admin ;Require admin rights on NT6+ (When UAC is turned on)

InstallDir "$PROGRAMFILES\${COMPANYNAME}\${APPNAME}"

# rtf or txt file - remember if it is txt, it must be in the DOS text format (\r\n)
LicenseData "license.rtf"
# This will be in the installer/uninstaller's title bar
Name "${COMPANYNAME} - ${APPNAME}"
Icon "logo.ico"
outFile "sample-installer.exe"

!include LogicLib.nsh

# Just three pages - license agreement, install location, and installation
page license
page directory
Page instfiles

!macro VerifyUserIsAdmin
UserInfo::GetAccountType
pop $0
${If} $0 != "admin" ;Require admin rights on NT4+
        messageBox mb_iconstop "Administrator rights required!"
        setErrorLevel 740 ;ERROR_ELEVATION_REQUIRED
        quit
${EndIf}
!macroend

function .onInit
    setShellVarContext all
    !insertmacro VerifyUserIsAdmin
functionEnd

section "install"
    # Files for the install directory - to build the installer, these should be in the same directory as the install script (this file)
    setOutPath $INSTDIR
    # Files added here should be removed by the uninstaller (see section "uninstall")
    file "app.exe"
    file "logo.ico"
    # Add any other files for the install directory (license files, app data, etc) here

    # Uninstaller - See function un.onInit and section "uninstall" for configuration
    writeUninstaller "$INSTDIR\uninstall.exe"

    # Start Menu
    createDirectory "$SMPROGRAMS\${COMPANYNAME}"
    createShortCut "$SMPROGRAMS\${COMPANYNAME}\${APPNAME}.lnk" "$INSTDIR\app.exe" "" "$INSTDIR\logo.ico"

sectionEnd

# Uninstaller

function un.onInit
    SetShellVarContext all

    #Verify the uninstaller - last chance to back out
    MessageBox MB_OKCANCEL "Permanantly remove ${APPNAME}?" IDOK next
        Abort
    next:
    !insertmacro VerifyUserIsAdmin
functionEnd

section "uninstall"

    # Remove Start Menu launcher
    delete "$SMPROGRAMS\${COMPANYNAME}\${APPNAME}.lnk"
    # Try to remove the Start Menu folder - this will only happen if it is empty
    rmDir "$SMPROGRAMS\${COMPANYNAME}"

    # Remove files
    delete $INSTDIR\app.exe
    delete $INSTDIR\logo.ico

    # Always delete uninstaller as the last action
    delete $INSTDIR\uninstall.exe

    # Try to remove the install directory - this will only happen if it is empty
    rmDir $INSTDIR

    # Remove uninstaller information from the registry
    DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}"
sectionEnd

Answer 1

If you have Administrator ID and password you can directly authenticate and execute command

VB Script

dim WshShell,FSO ,currDir


set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")
currDir = FSO.GetAbsolutePathName(".")

sUser="Admin"
sPass="Password_123"&VBCRLF
sCmd= currDir &"\MySetup.exe"

if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
set WshShell=Nothing
set WshEnv=Nothing
set FSO=Nothing
wscript.quit
end if

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
Wscript.Sleep 90 
WshShell.AppActivate(WinPath) 
WshShell.SendKeys sPass

set WshShell=Nothing
set WshEnv=Nothing
set FSO=Nothing

wscript.quit

Answer 2

You cannot bypass UAC, a user has be present to interact with the UAC dialog on the secure desktop.

On Windows 2000/XP/2003 you can use runas/CreateProcessAsUser to start a new process as a different user and on those systems it is possible to elevate to administrator (On 2003 this is less likely to work because you probably don't have the required privilege). This is not possible on Vista+ because UAC introduces split tokens, this means that a user that is a member of the administrators group is not really a administrator with full access until they go through the UAC dialog and "unlocking" the unlimited token.

If you only need to start a new process as a particular user then that can still be done with LogonUser+CreateProcessAsUser but it will not allow you to bypass UAC and get a unlimited administrator token if your starting point is a non-elevated process.

A NT service running as System can get access to the unlimited token but this of course means that you have to elevate with UAC at least once to install the service in the first place...