From: Joseph M. Newcomer on
See below...
On Thu, 21 Jan 2010 11:03:35 -0800, "David Ching" <dc(a)remove-this.dcsoft.com> wrote:

>"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
>news:ad3hl5l0u9decvt68kjikjk81l39nk5fgk(a)4ax.com...
>> First: you should probably not be doing this. Drivers are installed when
>> the hardware is
>> detected.
>>
>> Second: if you don't have hardware, what is the driver doing?
>>
>> Third: This will require privileges, which means that for a large number
>> of potential
>> customers, these privileges will not be available, and the product will
>> fail. If the
>> driver has no hardware, the driver should be installed by the normal
>> install procedure
>> that installs your app, not by executable code in the app itself.
>> Administratively, this
>> solves the problem, because in secure sites, the administrator gets to
>> make the decision
>> about the installation.
>>
>> Fourth: if a program came up and asked me about installing a driver, I
>> would know that it
>> was a piece of malware.
>
>Many hardware devices come with software utilities that copy the driver from
>the downloaded installer or CD media into the driver cache. That's what
>SetupCopyOEMInf() file does. That way if the user chooses to install the
>software prior to plugging the device, when they do install the device, PnP
>detects the driver in the cache and seemlessly activates it. MS encourages
>this behavior; they want to make it a seemless experience whether the user
>plugs the device first or installs the software first.
>
>It also makes it possible for the administrator to preload the software and
>driver prior to deploying the PC to the end user in a corporation so that
>when the end user does get the hardware and plugs it, no Admin privilege is
>required to install any drivers.
***
Which is why it should be part of the installation script (which has the provision for
doing this...we just delivered a product that works this way) and not part of the
executable code of the program.
joe
***
>
>In short, what the OP is asking for is a MS recommended pattern.
>
>-- David
>
Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
From: David Ching on
"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
news:cnbhl5d90agt9bfc1qkkh2rjjg27hdp3lf(a)4ax.com...
> Which is why it should be part of the installation script (which has the
> provision for
> doing this...we just delivered a product that works this way) and not part
> of the
> executable code of the program.

The program might be a custom installer, or a plug-in to an installer
framework. I've written several.

-- David


From: Pete Delgado on

"Alexander Grigoriev" <alegr(a)earthlink.net> wrote in message
news:uB2%23eyqmKHA.1824(a)TK2MSFTNGP04.phx.gbl...
> The application itself needs to be started under unrestricted
> Administrator account.

Not true. The COM elevation moniker allows programs running underneath a
filtered token to isolate specific functionality that requires an unfiltered
token or administrative privileges. See
http://msdn.microsoft.com/en-us/library/ms679687(VS.85).aspx

There are also several variables here including whether group policy or
local policy allows driver installation by the user or whether the user has
the specific rights on the machine to install a driver.

-Pete


From: JY on

"David Ching" wrote:

> "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
> news:cnbhl5d90agt9bfc1qkkh2rjjg27hdp3lf(a)4ax.com...
> > Which is why it should be part of the installation script (which has the
> > provision for
> > doing this...we just delivered a product that works this way) and not part
> > of the
> > executable code of the program.
>
> The program might be a custom installer, or a plug-in to an installer
> framework. I've written several.
>
> -- David

Exactly. It is a custom installer (an MFC application, and no install script
should be used), and the device driver is to be pre-installed. The user
should then plug-in the device and do some operations using this EXE itself.
After the operations on the device is complete, the device driver should be
completely uninstalled.

So, my questions are:
1. I looked through the other replies, but haven't got the exact privilege
level to be used for admin mode actions. What is the privelege level to be
used?
(If I use what's shown here:
http://msdn.microsoft.com/en-us/library/aa446619(VS.85).aspx )

2. Given that I want to temporarily install the device driver, what would be
the best APIs to use ? (so that no entries go into even Add / Remove
progams)? Would DriverPackageInstall/ DriverPackagePreInstall() be the best
choices (from DIFx)?

Thanks,
JY
From: David Ching on
> 1. I looked through the other replies, but haven't got the exact privilege
> level to be used for admin mode actions. What is the privelege level to be
> used?
> (If I use what's shown here:
> http://msdn.microsoft.com/en-us/library/aa446619(VS.85).aspx )
>

Wrong page. Search for "manifest requireAdministrator".


> 2. Given that I want to temporarily install the device driver, what would
> be
> the best APIs to use ? (so that no entries go into even Add / Remove
> progams)? Would DriverPackageInstall/ DriverPackagePreInstall() be the
> best
> choices (from DIFx)?
>

I haven't used DIFx, but doesn't SetupCopyOEMInfFile() do the job?

Also, do you support when the user plugs the device first and then cancels
the installation when Windows can't find the driver? There is a way for
your app to later install the driver and then bind it to the cancelled
hardware installation to activate the device. I've never done that.

-- David