Vista + Standard User + UAC = No Workie

Ok, backups do work, just not at all as expected.

So perhaps this has been covered already but here is the deal.

If I have a standard user with no admin priveledges on Vista, UAC
kicks in when ATI 11 starts up. User selects an admin user and
enters password. So far no problem. Everthing seems to work.
Problem is, ATI is no longer running as the orginal user it appears to now
be running as the admin user.
So if the user selects his windows mail to be backed up, he will be
sorely disapointed as the email of the admin user is backed up rather than his.

Lots of other stuff, like when ATI cranks up a browser, the browser runs
as the admin user rather than the user that started ATI.
So Favorites are wrong, and any downloads will be downloaded to the
wrong account.

Also, couldn't burn the bootable media when the user didn't have Admin privs.
Even after the UAC grant. A message about the device being busy was reported.
Once I added admin privs to the user, a CD could be burned.

Anyway, is there anyway to really use True Image to back up user data
using the "My Data", "M e-mail", etc... options for those folks that don't want
to run their users with admin privileges?

Also, it would be really nice to login as the real "Administrator"
(not some admin priv user) and have the ability in ATI to select which user
to backup - but thats a product enhancement.


--- bill

BTW, I'm running the True Image Home 11 8,053 Trial version if that matters.

 

Gday Bill ,i am not an expert on Acronis or Vista but i had all sorts of problems with UAC.Have turned it off and many problems disappeared.Worked for me.Cheers flylor

 

This will not solve the problem because Acronis TI needs to have Admin
priviledges to run. So if UAC is turned off, an ordinary user would not be able
to use it at all because they couldn't elevate themselves to have
admin privs.

My guess is that if it is working for you, you are using an account
with admin priviledges and are not using a "Standard User" account.


My problem is that ordinary users can't run ATI but the UAC mechanism in
Vista to elevate them to admin priviledges changes who they are with respect
to ATI so backups don't backup the right stuff.

And since ATI only backs up the personal files of the user it thinks is
running the application, I can't see how to backup the personal files
and settings of ordinary users without having to resort to image backups.

It would be extremely nice if ATI would allow backing up/restoring specific users
files & settings rather than only the "current/active" user - which currently
is incorrect when using UAC. If this were there, it would completely
solve the problem.

Anybody else seeing this problem? or have a way to work around it?



--- bill

 

Basically, this is a design fault in Vista. Every time you want to run a program like TI, you are asked to approve it's running. That's stupid, annoying and bad design. Vista should be able to remember that the program is approved and just let it run. That way your Standard user would be backing up the Standard user's files. Instead, it's a mess for even users with admin rights, so people turn off UAC.

We can thank the other Bill for this wonderful upgrade.

 

UAC is worse than just approving a program to run with admin privs.
The child program appears to be created with a user Id of the admin user
selected and authenticated by UAC.
(This must cause all sorts of problems with file permissions and ownerships)

I have to believe that there is a work around from the ATI side.
I'm not familiar enough with NT's user security model. Even if there
isn't the concept of a an effective user ID as well as the real user ID,
I have to believe that there is a way to walk the process tree and figure
out the real user ID of the person that kicked off the ATI program.
It would just be a small addition to their code and would not be changing
the way the code works.
ATI should assume that the active user running ATI process is bogus and
do whatever it takes to figure out the real user that started the program.

And what about XP? What if I want to have non priviledged user accounts?
How the heck do those users run ATI?


Alternatively, what would be even better woudl be if ATI did not care what user
runs the program but then allowed selection
of which user to back up or restore, perhaps even multiple users.
Doing this can't be a security issue, because if admin privs are required
just to run ATI, then the person has enough privs to access anybody elses
files anyway.

While this method would be much better and would work for both XP as well
as Vista it would require considerably more work than just a small routine to figure
out real Vista user that kicked off the ATI
program and then using the rest of the code as is.

Any comments from Acronis

--- bill

 

How about using
RUNAS /user:administrator
from the command prompt?
If that works, then you can put it in a .bat file and create a shortcut to it so you can start it. This works for Vista and XP.

I also thought that Vista had a "run as administrator" option in the context menu when you right click on a program.

 

Ok so I did manage to get something to work using RUNAS
Its not pretty and it has limitations.

The RUNAS command can be made to work.
This is the command line:
C:\WINDOWS\System32\runas.exe /env /user:administrator "c:\Program Files\Acronis\TrueImageHome\TrueImage.exe"

When this starts up, a command prompt dialog box will prompt
for the "Administrator" user password.
Once entered, ATI starts up and seems to run as the original user.

The key is the "/env" option which preserves the original users environment.

When using UAC or "run as administrator", the original users environment
is replaced by the selected adminstrator users's environment.
ATI currently assumes that the user indicated by the environment is the one that started it
and it uses that user for backing up user specific data. When using UAC
or "Run as administrator" with non priviledged users, ATI incorrecly picks
the wrong user.

When using the RUNAS command with the /env option,
ATI picks the correct user.

Now for the bad news, for some reason this only works for the REAL
administrator user, which i'm guessing very few people enable.
Using any other user with admin privs for the /user: option will error with
the error:
740: The reqeusted operation requires elevation.

------------------------------------------------
I can't believe that others aren't having issues with this.
Are most folks simply setting up their machines with 1 user that
has full admin privs or am I missing some magic way of doing things
that avoids these issues?
Is there some way to configure the default environment behavior for
"run as....." operations?

Bottom line, Acronis should address this somehow.
It would be wonderful if ATI would let you select the desired user
if it "notices" that more than one is enabled. That way it could
be simple (the way it is now) for simple single user configurations
and offer user selection for machines that have multiple users.


--- bill

 

The problem here isn't UAC or Vista, as they are working as intended. ATI includes an application manifest which tells Vista it requires administrative privileges. Vista is only doing as its told when it requests a different user. By elevating to an administrator you are effectively running that program as a new user, its more secure this way.

Acronis need to create a portion of their program which will run without needing administrative rights and be able to backup user data.

 

Hello bperrybap,

Thank you for choosing Acronis Disk Backup Software.

Please submit a request for technical support. Attach all information to your request and the link to this thread. We will investigate the problem and try to provide you with a solution.

Thank you.
--
Marat Setdikov

 

Marat,
I tried that already and I can't.
I'm still evaluating the product using the trial version and apparently
the WEB support site entry form won't let you enter a full technical support
request on a trial version of the product.
It sends it in as a pre-sales question. I entered in some information
and then put in a link to this thread.

What else can/should I do?

I think this thread pretty well documents the issue.
If an exact sequence of steps is needed to show the problem
I will happily write that up as well. Just tell me how to submit it.

I'm working on this issue and a lockup issue that I'd like to get some
sort of resolution on before I purchase full versions/licenses.

--- bill

 

Hello all,

Thank you for choosing Acronis Disk Backup software

bperrybap, "pre-sales" support request is ok. Could you please let me know your Acronis request # which was sent to you in autoreply to your letter? I will find out how the investigation of your issue is going.

Thank you.
--
Michael Levchenko

 

Have you tried SuRun? The newest version works in Vista. That should solve your problem.

 

Here is the request # for future reference: 1332513

So far, email responses from Acronis support have been pretty timely.
I've exchanged a few messages and responded with a full step by step
procedure on how to replicate what I'm seeing.
I'll post further when there is additional information.

--- bill

 

Hi Bill

You're not the only one encountering this problem; I have had same trying to backup Email. I have a work around which suits me: running as standard vista admin I subset folders under C:\Users - specifically for Email you would need to include C:\Users\<username>\AppData\Local\Microsoft\Windows Mail & C:\Users\<username>\Contacts. Hope this helps