Vista + Standard User + UAC = No Workie

Discussion in 'Acronis True Image Product Line' started by bperrybap, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    Ok, backups do work, just not at all as expected.

    So perhaps this has been covered already but here is the deal.

    If I have a standard user with no admin priveledges on Vista, UAC
    kicks in when ATI 11 starts up. User selects an admin user and
    enters password. So far no problem. Everthing seems to work.
    Problem is, ATI is no longer running as the orginal user it appears to now
    be running as the admin user.
    So if the user selects his windows mail to be backed up, he will be
    sorely disapointed as the email of the admin user is backed up rather than his.

    Lots of other stuff, like when ATI cranks up a browser, the browser runs
    as the admin user rather than the user that started ATI.
    So Favorites are wrong, and any downloads will be downloaded to the
    wrong account.

    Also, couldn't burn the bootable media when the user didn't have Admin privs.
    Even after the UAC grant. A message about the device being busy was reported.
    Once I added admin privs to the user, a CD could be burned.

    Anyway, is there anyway to really use True Image to back up user data
    using the "My Data", "M e-mail", etc... options for those folks that don't want
    to run their users with admin privileges?

    Also, it would be really nice to login as the real "Administrator"
    (not some admin priv user) and have the ability in ATI to select which user
    to backup - but thats a product enhancement.


    --- bill

    BTW, I'm running the True Image Home 11 8,053 Trial version if that matters.
     
    Last edited: Feb 11, 2008
  2. flylor

    flylor Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    6
    Gday Bill ,i am not an expert on Acronis or Vista but i had all sorts of problems with UAC.Have turned it off and many problems disappeared.Worked for me.Cheers flylor
     
  3. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    This will not solve the problem because Acronis TI needs to have Admin
    priviledges to run. So if UAC is turned off, an ordinary user would not be able
    to use it at all because they couldn't elevate themselves to have
    admin privs.

    My guess is that if it is working for you, you are using an account
    with admin priviledges and are not using a "Standard User" account.


    My problem is that ordinary users can't run ATI but the UAC mechanism in
    Vista to elevate them to admin priviledges changes who they are with respect
    to ATI so backups don't backup the right stuff.

    And since ATI only backs up the personal files of the user it thinks is
    running the application, I can't see how to backup the personal files
    and settings of ordinary users without having to resort to image backups.

    It would be extremely nice if ATI would allow backing up/restoring specific users
    files & settings rather than only the "current/active" user - which currently
    is incorrect when using UAC. If this were there, it would completely
    solve the problem.

    Anybody else seeing this problem? or have a way to work around it?



    --- bill
     
  4. jmk94903

    jmk94903 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3,329
    Location:
    San Rafael, CA
    Basically, this is a design fault in Vista. Every time you want to run a program like TI, you are asked to approve it's running. That's stupid, annoying and bad design. Vista should be able to remember that the program is approved and just let it run. That way your Standard user would be backing up the Standard user's files. Instead, it's a mess for even users with admin rights, so people turn off UAC.

    We can thank the other Bill for this wonderful upgrade.
     
  5. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    UAC is worse than just approving a program to run with admin privs.
    The child program appears to be created with a user Id of the admin user
    selected and authenticated by UAC.
    (This must cause all sorts of problems with file permissions and ownerships)

    I have to believe that there is a work around from the ATI side.
    I'm not familiar enough with NT's user security model. Even if there
    isn't the concept of a an effective user ID as well as the real user ID,
    I have to believe that there is a way to walk the process tree and figure
    out the real user ID of the person that kicked off the ATI program.
    It would just be a small addition to their code and would not be changing
    the way the code works.
    ATI should assume that the active user running ATI process is bogus and
    do whatever it takes to figure out the real user that started the program.

    And what about XP? What if I want to have non priviledged user accounts?
    How the heck do those users run ATI?


    Alternatively, what would be even better woudl be if ATI did not care what user
    runs the program but then allowed selection
    of which user to back up or restore, perhaps even multiple users.
    Doing this can't be a security issue, because if admin privs are required
    just to run ATI, then the person has enough privs to access anybody elses
    files anyway.

    While this method would be much better and would work for both XP as well
    as Vista it would require considerably more work than just a small routine to figure
    out real Vista user that kicked off the ATI
    program and then using the rest of the code as is.

    Any comments from Acroniso_O

    --- bill
     
    Last edited: Feb 12, 2008
  6. SmellyCat

    SmellyCat Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    6
    How about using
    RUNAS /user:administrator
    from the command prompt?
    If that works, then you can put it in a .bat file and create a shortcut to it so you can start it. This works for Vista and XP.

    I also thought that Vista had a "run as administrator" option in the context menu when you right click on a program.
     
  7. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    Ok so I did manage to get something to work using RUNAS
    Its not pretty and it has limitations.

    The RUNAS command can be made to work.
    This is the command line:
    C:\WINDOWS\System32\runas.exe /env /user:administrator "c:\Program Files\Acronis\TrueImageHome\TrueImage.exe"

    When this starts up, a command prompt dialog box will prompt
    for the "Administrator" user password.
    Once entered, ATI starts up and seems to run as the original user.

    The key is the "/env" option which preserves the original users environment.

    When using UAC or "run as administrator", the original users environment
    is replaced by the selected adminstrator users's environment.
    ATI currently assumes that the user indicated by the environment is the one that started it
    and it uses that user for backing up user specific data. When using UAC
    or "Run as administrator" with non priviledged users, ATI incorrecly picks
    the wrong user.

    When using the RUNAS command with the /env option,
    ATI picks the correct user.

    Now for the bad news, for some reason this only works for the REAL
    administrator user, which i'm guessing very few people enable.
    Using any other user with admin privs for the /user: option will error with
    the error:
    740: The reqeusted operation requires elevation.

    ------------------------------------------------
    I can't believe that others aren't having issues with this.
    Are most folks simply setting up their machines with 1 user that
    has full admin privs or am I missing some magic way of doing things
    that avoids these issues?
    Is there some way to configure the default environment behavior for
    "run as....." operations?

    Bottom line, Acronis should address this somehow.
    It would be wonderful if ATI would let you select the desired user
    if it "notices" that more than one is enabled. That way it could
    be simple (the way it is now) for simple single user configurations
    and offer user selection for machines that have multiple users.


    --- bill
     
    Last edited: Feb 13, 2008
  8. Stalks

    Stalks Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    28
    The problem here isn't UAC or Vista, as they are working as intended. ATI includes an application manifest which tells Vista it requires administrative privileges. Vista is only doing as its told when it requests a different user. By elevating to an administrator you are effectively running that program as a new user, its more secure this way.

    Acronis need to create a portion of their program which will run without needing administrative rights and be able to backup user data.
     
  9. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
  10. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    Marat,
    I tried that already and I can't.
    I'm still evaluating the product using the trial version and apparently
    the WEB support site entry form won't let you enter a full technical support
    request on a trial version of the product.
    It sends it in as a pre-sales question. I entered in some information
    and then put in a link to this thread.

    What else can/should I do?

    I think this thread pretty well documents the issue.
    If an exact sequence of steps is needed to show the problem
    I will happily write that up as well. Just tell me how to submit it.

    I'm working on this issue and a lockup issue that I'd like to get some
    sort of resolution on before I purchase full versions/licenses.

    --- bill
     
  11. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    Thank you for choosing Acronis Disk Backup software

    bperrybap, "pre-sales" support request is ok. Could you please let me know your Acronis request # which was sent to you in autoreply to your letter? I will find out how the investigation of your issue is going.

    Thank you.
    --
    Michael Levchenko
     
  12. tlu

    tlu Guest

    Have you tried SuRun? The newest version works in Vista. That should solve your problem.
     
  13. bperrybap

    bperrybap Registered Member

    Joined:
    Feb 11, 2008
    Posts:
    7
    Here is the request # for future reference: 1332513

    So far, email responses from Acronis support have been pretty timely.
    I've exchanged a few messages and responded with a full step by step
    procedure on how to replicate what I'm seeing.
    I'll post further when there is additional information.

    --- bill
     
  14. Tot

    Tot Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    2
    Hi Bill

    You're not the only one encountering this problem; I have had same trying to backup Email. I have a work around which suits me: running as standard vista admin I subset folders under C:\Users - specifically for Email you would need to include C:\Users\<username>\AppData\Local\Microsoft\Windows Mail & C:\Users\<username>\Contacts. Hope this helps
     
Thread Status:
Not open for further replies.