administrator privileges in Windows 7?

Started by obetz, November 11, 2018, 01:42:58 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

obetz

November 11, 2018, 01:42:58 PM
Hi,

in https://exiftool.org/install.html#Windows I read "In Windows 7, running exiftool requires administrator privileges".

This is surprising to me, since I use ExifTool as a restricted user since a long time and didn't observe problems.

What did I miss?

Oliver

Phil Harvey

#1
November 11, 2018, 08:50:23 PM
Hi Oliver,

A number of people have had problems running ExifTool under Windows 7.  These problems were solved by running as administrator.  I don't really understand why, but it could be that they needed permission to write and run programs from the temporary directory.  I have never understood why some Windows users have permission problems and others don't.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

obetz

#2
November 12, 2018, 02:52:46 AM
Hi Phil,

Quote from: Phil Harvey on November 11, 2018, 08:50:23 PM
A number of people have had problems running ExifTool under Windows 7.  These problems were solved by running as administrator.  I don't really understand why, but it could be that they needed permission to write and run programs from the temporary directory.  I have never understood why some Windows users have permission problems and others don't.

I spent now an hour to read old forum threads containing "administrator" but I didn't find evidence that running ExifTool as an administrator was either necessary to solve an access problem to the runtime in the temp directory or even a good solution of the problems reported.

Of course there are systems with broken ACL where running as administrator helps but generally advising people to run ExifTool as administrator is not the right way IMO.

Using the temp directory to store the runtime environment is a security issue anyway since malicious software can modify it easily and make itself persistent this way.

Since ExifTool is widespread, it's a suitable attack vector.

Oliver

Phil Harvey

#3
November 12, 2018, 07:12:00 AM
Hi Oliver,

I've softened the wording to "may require administrator privileges". 


I found this note by Bogdan for ExifToolGUI:

QuoteBtw. I recomment placing ExifToolGUI.exe outside Windows system directories. I.e. if you use GUI from Windows directory, then you need to run it as Administrator -otherwise GUI settings won't be saved on closing GUI.

Perhaps there is a similar difference if "exiftool.exe" is run from the Windows directory?

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

obetz

#4
November 12, 2018, 08:00:35 AM
Hi Phil,

in the W8.1 case we don't finally know whether it had worked also without admin rights after Bernd deleted the temp directories.

The W7 case is a typical case of wrong use. Putting executables in the C:\ root is "not the right way" (to be polite). You need administrator privileges to write files there. Restricted users can (and shall) create directories but not files.

That's what I wanted to express: The cases I found in the forum didn't provide evidence that administrator rights are needed to run ExifTool.

In standard setups, it should work out of the box for restricted users without administrator rights.

Running as admin may cure problems caused by strange configurations. People easily create broken ACL e.g. by moving files around. If things don't work then, they don't fix it but simply use a bigger hammer (administrator rights, "reinstall windows") to nail it.

Oliver

Phil Harvey

#5
November 12, 2018, 08:09:19 AM
Thanks Oliver,

I was getting that sense.  And you are correct... My usual response to Windows problems is to use a bigger hammer because I have a limited tolerance for dealing with system-specific problems.  (Which is a big reason ExifTool is written in Perl -- this avoids 99% of the system-specific compilation issues.  For comparison, if you look at the Exiv2 development, they spend a majority of their time dealing with system issues, while I spend most of my time dealing with metadata issues.)

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

obetz

#6
November 12, 2018, 11:44:56 AM
Hi Phil,

sorry I forgot to answer a question in a message before:

QuotePerhaps there is a similar difference if "exiftool.exe" is run from the Windows directory?

I think the effect on ExifToolGUI.exe is different: It uses a ini file beneath it, therefore it must not reside in a write protected directory.

But the Windows directory is the wrong place anyway. People just abuse it if they are too lazy to make an entry in the search path.

So even if it is not a good idea, you can put exiftool.exe in the Windows directory (this requires admin rights, of course, else you can't write there) and then execute it without admin rights. It then creates the temp folder as usual and everything works.

I just tried this as a restricted user, UAC set to strictest setting.

Irrespective of the above, Software Restriction Policies might forbid to execute programs which are not write protected, IOW the stuff currently located in the temp/par-xxx directory. Such SRPs are not set in in a "out of the box" end user W7 installation but are not unusual in company environments. I remember one case in the forum.

In such a restricted environment, a user might try to remove write access from the cache-exiftool-xxx folderas a quick and dirty (!) solution.

I have to admit that I don't know how PAR works, but using temp to extract a runtime environment doesn't look very clean to me. No complaint, just a remark.

Oliver
Print
Go Up Pages1
User actions