LUA Questions

Discussion in 'other security issues & news' started by dw426, Aug 24, 2010.

Thread Status:
Not open for further replies.
  1. dw426

    I'm currently running LUA, and growing frustrated. Things SEEM to install, but then they either stop working or I can't find where they are installed to. A couple of examples:

    CCleaner: Why the hell won't this thing even show up after an install? I got ONE clean out of it, it didn't even bother to clean IE junk files and Chrome wasn't even listed as an option to clean, even though Chrome is installed as well. Then, I reboot, and suddenly CCleaner isn't even listed as an installed program, no desktop icon, no listing anywhere, no folder anywhere. Where the &*^! did it go?

    Chrome: I installed it under LUA. It works just dandy...but where is it? I know it's supposed to install to the User profile under LUA, but it isn't even there. It's like it doesn't exist.
     
  2. MrBrian

    In your admin account, move the program's shortcut from the admin's Start Menu (C:\Users\youradminaccount\AppData\Roaming\Microsoft\Windows\Start Menu) to the global Start Menu (C:\ProgramData\Microsoft\Windows\Start Menu).

    You should normally install programs in an admin account.
     
  3. dw426

    I thought you could install programs in your LUA account by using your Admin password? Installing things to the Admin account to use in the LUA account kind of defeats the purpose, doesn't it? I admit to being extremely confused, and reading about it elsewhere just seems to repeat the same exact information.
     
  4. MrBrian

    Yes that's fine, because when you use the admin password in your LUA account, you actually are using your admin account to install.

    You may wish to look into either SuRun or the method at https://www.wilderssecurity.com/showthread.php?t=273769.
     
  5. dw426

    I figured putting in the password made me admin, so I can't figure out why things are acting up like they are. *Sigh* Thanks for the thread, I'll take a look. This is my last day screwing with this stuff, lol. I was doing fine and not getting malware on my Admin account without the help of anti-executables and all that. I should know better by now than to let all these threads about POCs, 64bit rootkits and bypasses get inside my head. It never fails that I start feeling uneasy and then going and getting myself into messes when I was doing perfectly grand.
     
  6. ABee

    IMO, you're making a mistake by installing software using the 'Runas' command. You should be fully logged into an Admin. account. This way, you have full control over all aspects of the installation.
    I'm not saying 'Runas' won't work, but there are some aspects (for one example: moving/removing created shortcuts post-installation) that you won't have control over.

    It's a bit like the CEO of a company giving instructions to his managers over the phone rather than in person. The instructions themselves are the same, but there's a different dynamic involved in a face-to-face vs. a phone conversation.

    In simplified form, I believe you should look at the Admin. account as existing for installing software, while the LUA exists for using that software.
     
  7. dw426


    I kind of agree, though honestly I'm listening to advice where I can get it because this is my first venture into LUA in a LONG time, we're talking years. It seems like everything I do install, works fantastic over in the admin account, but gives all sorts of issues when trying to use it in the LUA account. I'm ALL for doing away with as many security apps as I can and relying on the OS, making things lighter and, hopefully, easier. It sounds crazy to some of you veterans I'm sure, but I felt safer and things were a whole lot easier when I was using 3rd party security and running admin. I'm just used to it I guess, and, though I'm attempting to learn, eventually it comes down to how much longer do I want/need to spend on "batting down the hatches" in, what some of you guys call, a more simplified form? Eventually, (like, now) I want/need to do things and have usability over security.
     
  8. wearetheborg


    Take a deep breath, the problems you are encountering are common :D
    But they are mostly workaroundable; especially with "fast user switching"

    I usually run CCleaner as root (as it needs to clean registry etc).

    Now: cannot find programs issue. The problem is that Microsoft default settings are not very friendly towards LUA. Most of the issues can be mitigated using SuRun. The problem is that when you install using the admin account, it uses your admin path, and other settings. And then when you are in your LUA, things don't work right.
    SuRun is designed to take care of this issue; it will give admin privileges (temporarily) but it will feed your LUA environment variables to the program installation.

    So, even for things that need to run as root, I install using SuRun from my LUA, then when I need to run them, I run them again using SuRun in my LUA account.

    I encountered exactly the problem you mentioned with CCleaner (I had installed it in my admin account). So then I installed it again using SuRun in my LUA, so now it's available in both accounts :D

    The name SuRun comes from the "su" command in Linux, used usually to run as root.

    Trust me, LUA causes pain the first week; and then it's like a nice security blanket, all warm and fuzzy :)

    You are almost to the warm and fuzzy part :D
     
  9. Sully

    @dw426

    A few questions for you. What OS are you running? Is this a new install or old? Is this LUA you have made a new account or an admin account that was demoted to user? If on vista/7, what are your UAC settings?

    This might help to know.

    Sul.
     
  10. dw426

    Hi Sully, I'm on Windows 7 Home Premium 64bit Edition. The OS install is new as I needed to reinstall anyway for an off-topic reason. The LUA is a separate user, I left my default admin account alone. My UAC settings are on maximum as I don't mind it asking me about installs. Sadly it's the only pop-up I have the patience for, lol.
     
    Last edited: Aug 24, 2010
  11. ABee

    I saw in another thread where you mentioned LUA being a PITA due to all of your personal files being created under an Admin. account.
    The solution to that is to log onto the Admin. account, then move whatever personal files to a 'common area' where the LUA has read privileges.

    Then log onto the LUA, and copy those files to wherever you want them.
    You now have those files under full control with your LUA privileges. (As well as of course retaining full control with Admin. privileges.)
    Then log back onto the Admin. account and delete the files you originally moved to the common area, if you want to avoid duplicates.

    No question there's a period of adjustment when deciding to move to using the computer mostly under a LUA.
    But this is why the human species was formed as an adaptable breed-- though some adapt better than others, I suppose.

    I adapted. I don't even like being logged onto my Admin. account anymore. That's no longer where I'm comfortable conducting my computer business from.
    And 99% of everything I want to do on a computer, I can do from my LUA.

    You mentioned you install lots of software on a daily basis. Well, LUA isn't much use for that, that's a fact.
    I don't do that, so I have little concern in that regard.
    We must each decide what's right for ourselves-- that's the bottom line.

    Good luck to you, however you end up playing it.
     
  12. Sully

    I don't pretend to be a LUA expert, and I am only now beginning to understand the actual workings of UAC and all... but I can share what little I know and have experienced :)

    I would say that in win7, you might as well use your default admin account if you are experiencing difficulties. The security token, when the LUA option is on (it is part of UAC) contains both the admin credentials as well as the user (SUA or whatever) credentials. When you need to have admin rights UAC will elevate (after prompted and depending on what UAC options are) the process being started to the admin side of the token.

    This means that your same account, being both an admin and a user, will put the things needed for every program in only one %userprofile% area. It should lead to a better transition to LUA although it does allow you to change things etc that a normal LUA could not.

    Perhaps you just need to understand how different win7 is from XP in file structure to get along with a real user/LUA account.

    Program Files (as you know, off limits to modification by users) houses the bulk of the programs still, however, some data is held in ProgramData. The old "Documents and Settings" directories are still present, however they are not real directories per se, but pointers to the new locations. The new locations are in c:\users\<user name>\... In here you will find some of what you were used to, with more of these directories that are only pointers. They usually display a padlock icon, and you cannot access them because they don't really exist.

    Anyway, you probably know by now that win7 uses Integrity Levels. There are some directories made in your %userprofile% that are specifically for use with different Integrity Levels. You might see the Local, LocalLow and Roaming directories. In these are housed some of what used to be in the "documents and settings" directories, such as AppData. But, because of how win7 lets you assign Integrity Levels, they act differently.

    For example, you can start IE in what is called "protected mode". This gives the IE process an Integrity Level (IL for short) of Low. Most of what you do as LUA runs at a Medium IL. The normal stuff at Medium IL is forbidden from doing certain things with processes running at the High IL (such as services and processes that services start). This is good, and goes along with the security token. Since IE in protected mode is running at Low IL, it is forbidden from messing with your normal Medium IL stuff that you as a user get by default. The LocalLow directory is an area that is itself at Low IL, so that IE at Low IL can have a place to access. It is not a mirror image of the Local or Roaming directories that you normally will use, only a placeholder of sorts for those processes that run at Low IL that still need a place to modify (such as cache and temp etc).

    I am telling you this because until you understand where win7 puts things, and can remember why and where, one can be pretty lost and frustrated. If you decide to stick with a real user/LUA instead of the admin/UAC/LUA approach, most programs, if coded to today's ideals, should work in LUA, they just make their shortcuts etc in the c:\Users\<admin name>\... directory. But as a user, you cannot just barge in there and look around. A well behaved installer asks if you want it to be installed for everyone, then the c:\user\public or other such directory is used for the shortcuts/profiles/etc, allowing users access.

    While I don't have any desire to go through LUA for my everyday computing, I don't think anyone here with even mildly advanced knowledge would be much better off using a real user/LUA vs the admin/LUA/UAC default account. If you get bitten by bad things in the admin/LUA/UAC then perhaps you just don't get it or are doing things you should not, in which case only you are to blame (that is you figuratively, not anyone specific ;) )

    There is always more to tell lol. I say first understand where your things are and why they went there, then some of the headaches you experience might disappear. It is a new OS to many of us, and I even beta tested it.

    Sul.
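
A way to check where an installer left its Start Menu shortcuts, using the two Start Menu locations named in post 2. This is an added example, not part of any post in the thread; the default program name, the profile root under the system drive, and PowerShell 3.0 or later are assumptions.

```powershell
# Added example: report whether a program's Start Menu shortcuts are
# per-user (visible to one account only) or all-users (visible to every account).
# Run from an elevated prompt so other users' profiles are readable.
# Assumes PowerShell 3.0 or later.
param([string]$Name = 'CCleaner')   # program name to search for (assumed default)

# Global Start Menu, shared by all accounts
$allUsers = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'

# Per-user Start Menu folder of every profile under <SystemDrive>\Users
$perUser = Get-ChildItem (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu' } |
    Where-Object { Test-Path -LiteralPath $_ }

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

$hits = foreach ($root in @($allUsers) + @($perUser)) {
    Get-ChildItem -LiteralPath $root -Recurse -Filter '*.lnk' -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -like "*$Name*" } |
        ForEach-Object {
            [pscustomobject]@{
                Scope    = if ($root -eq $allUsers) { 'AllUsers' } else { 'PerUser' }
                Shortcut = $_.FullName
                Target   = $shell.CreateShortcut($_.FullName).TargetPath
            }
        }
}

$hits | Format-Table -AutoSize -Wrap

# A program with only per-user shortcuts will be missing from every other
# account's Start Menu, including the limited account it was meant for.
if ($hits -and -not ($hits | Where-Object Scope -eq 'AllUsers')) {
    Write-Warning "'$Name' has only per-user shortcuts; other accounts will not see it in their Start Menu."
}
```

The Target column also shows whether the program itself sits under Program Files or inside one user's profile.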
     
  13. Soujirou

    The location Chrome is installed to depends upon which installer you used. Bearing in mind I'm not aware or familiar with any differences between 32 and 64 bit OS's, if you installed it under LUA without having to enter your admin password, it should be at:

    C:\Users\[username]\AppData\Local\Google\Chrome\Application

    AppData is a hidden folder so make sure you have Windows set to display hidden folders. If you had to enter your admin password, it was probably installed to Program Files like normal.

    I haven't had many problems installing programs under LUA, I just have to enter my admin password in. Some software still hasn't been adapted to run very well under LUA though.
     
    Last edited: Aug 25, 2010
  14. tlu


    Well, this is not necessary with SuRun as already explained by wearetheborg. I'm not quite sure if the latest official version works under Win7 as I don't use that, but the latest beta 1209b14 does according to the SuRun forum. And if you don't want to use it and prefer to install apps from your admin account (or via UAC) you have to configure them under your user account - otherwise all settings would be saved in your admin profile.
     
    Last edited by a moderator: Aug 30, 2010
  15. Rilla927

    Hi Tlu,

    I just wanted to thank you for posting the link about LUA & SRP. It's interesting how you trap the bad guys and it looks easy to implement. I have been running Admin since day one knowing it's not a good idea. I will use SuRun along with it.

    It will take a little getting used to but so do all new things. I read in the SuRun forum that there was a bad conflict with OA but it was an older version 4.0.0.45. I wonder if it has been solved.
     