Hi,

On Fri, Sep 11, 2020 at 1:58 AM Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Thu, Sep 10, 2020 at 06:10:17PM -0700, Marvin wrote:
> > To All 3,
> > Thank you, with your help I found the issue. UAC was disabled in the
> > registry on this image.  IIRC we had trouble updating some software by
> > automated script and turning UAC off was required.
> >
> > After re-enabling UAC, wintun started normally.
>
> Cool, thanks for digging into this and reporting back.
>
> Selva, is there any reasonable way to detect this?  Or do we just go
> for "we always use the iservice if it is running, no matter what
> privs the GUI is running with"?


I think TokenElevationType will indicate whether a split token is in use
(UAC enabled) or not.

Personally, I would like to show a warning when the GUI is started with
privileges, but some users may not like it. And we could make iservice a
requirement for the GUI. The service is mature enough now and has become a
necessity with wintun support.

Although we don't have any reason not to connect to named pipes as admin in
post-Vista systems, the idea that the GUI should be run without elevated
privileges appeals to me. Unless the user has taken deliberate steps to
force running it as admin, it just works that way. Disabling UAC and then
logging in as admin for day-to-day work is like using root for browsing the
web.

That said, I won't object to a patch that removes the restriction when the
runtime version is Win7 and newer.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
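
The TokenElevationType check suggested in the message above, as an added example (not code from OpenVPN-GUI or from anyone in this thread). The enum and function names are hypothetical; the numeric values mirror `TOKEN_ELEVATION_TYPE` in winnt.h, and the Windows query is compiled only under `_WIN32`.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical names; values mirror TOKEN_ELEVATION_TYPE in winnt.h. */
enum elev_type { ELEV_DEFAULT = 1, ELEV_FULL = 2, ELEV_LIMITED = 3 };
enum priv_state {
    PRIV_STANDARD,       /* no linked token, not elevated */
    PRIV_SPLIT_LIMITED,  /* UAC on: filtered half of an admin's split token */
    PRIV_SPLIT_ELEVATED, /* UAC on: started via "Run as administrator" */
    PRIV_ADMIN_NO_SPLIT, /* elevated with no split token, e.g. UAC disabled */
    PRIV_UNKNOWN         /* query failed or inconsistent combination */
};

/* Combine TokenElevationType with TokenElevation.TokenIsElevated. */
enum priv_state classify_token(int type, int is_elevated)
{
    switch (type) {
    case ELEV_DEFAULT: return is_elevated ? PRIV_ADMIN_NO_SPLIT : PRIV_STANDARD;
    case ELEV_FULL:    return is_elevated ? PRIV_SPLIT_ELEVATED : PRIV_UNKNOWN;
    case ELEV_LIMITED: return is_elevated ? PRIV_UNKNOWN : PRIV_SPLIT_LIMITED;
    default:           return PRIV_UNKNOWN;
    }
}

#ifdef _WIN32
/* Query the token of the current process (here, that would be the GUI). */
enum priv_state query_current_process(void)
{
    HANDLE tok; DWORD len;
    TOKEN_ELEVATION_TYPE type;
    TOKEN_ELEVATION elev;
    enum priv_state st = PRIV_UNKNOWN;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return st;
    if (GetTokenInformation(tok, TokenElevationType, &type, sizeof(type), &len)
        && GetTokenInformation(tok, TokenElevation, &elev, sizeof(elev), &len))
        st = classify_token((int)type, elev.TokenIsElevated != 0);
    CloseHandle(tok);
    return st;
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("current process: state=%d\n", (int)query_current_process());
#endif
    printf("constructed (type=1, elevated): state=%d\n", (int)classify_token(1, 1));
    return 0;
}
```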
