What happens if the account used to start or install a product doesn’t have enough privileges?

Applies to
All ApexSQL products; Windows 7 x32/x64 and prior; Windows Server 2008 R2 x32/x64 and prior

Summary
This article shows what happens if the account used to start an ApexSQL product installation doesn’t have the minimum permissions required to successfully install and use ApexSQL products

Symptoms
Installing
In order to install ApexSQL products, the account used to start the installation has to have administrative privileges
If User Account Control (UAC) doesn’t exist or is disabled, and the installation is started from a non-administrative account the following error is shown:

On the other hand, if UAC is enabled and the installation is started from a non-administrative account you are prompted to enter credentials for an administrative account, as shown:

NOTE: You have to start the installation from an administrative account, or supply administrative credentials. The installation will fail, even if started from a power user account, or if power user credentials are supplied. There is an exception to this behavior, when Group Policy is used to deploy the application to target computers in an Active Directory domain; however that scenario is beyond the scope of this article

Usage
Most of the ApexSQL installation files are copied to the location specified during the installation process. By default, that location is
%ProgramFiles%\ApexSQL\ on 32-bit, or %ProgramFiles(x86)%\ApexSQL\ on 64-bit systems
From this point forward, we will use ApexSQL Edit as a sample product; however the article applies to all ApexSQL products

ApexSQL products store application specific settings in the installation folder

Let us consider the following scenarios:

  • ApexSQL Edit is installed in /ProgramFiles\ApexSQL\ or /ProgramFiles(x86)\ApexSQL\ and UAC is nonexistent or disabled. The minimum required permissions are:

  • ApexSQL Edit is installed in %ProgramFiles%\ApexSQL\ApexSQL2008 or %ProgramFiles(x86)%\ApexSQL\ApexSQLEdit2008 and UAC is enabled. In this case the output is automatically redirected to the VirtualStore\Program Files\ApexSQL folder, located in %AppDataLocal%. The minimum required permissions are:

  • ApexSQL Edit is installed in a custom location. The minimum required permissions are:

    If the user account doesn’t have the Write permission for that folder, the following error is displayed

    and the application will fail to start

Besides the folder the ApexSQL product is installed in, additional files and folders are necessary for the product to run properly. %AppDataLocal%\ApexSQL\Common stores information on the used SQL servers (DisplayedServers.xml and LocatedServers.xml) and information relevant to the updating process. Product specific settings are stored in the %AppDataLocal%\ApexSQL\%ProductName% folders. ApexSQL Log and ApexSQL Recover store their logs in %AppDataLocal%\ApexSQL\%ProductName%\Logs. Therefore, the minimum permissions required over the %AppDataLocal%\ApexSQL folder are:

In case the user account has less permissions than shown, or can’t access the files in %AppDataLocal%\ApexSQL for any other reason, some of the ApexSQL products won’t work under that account and will throw the appropriate exception. Normally, the user has Full Control on his %AppData% folder, however, in scenarios when the company policy is to redirect the %AppData% folder to a server, instead of keeping it on the local machine, and when the network server or the domain controller is unavailable or when certain restrictive Group or Security Policies are applied, knowing the permissions sets listed above can be beneficial

About ApexSQL
ApexSQL is a leading provider of SQL Server tools for database recovery, database auditing, database comparison, documentation as well as SQL Server Management Studio and Visual Studio add-ins for SQL code refactoring, code completion and database source control. We strive to ensure that every one of our tools is standard-defining product in its class, from feature set, to performance, interface and quality

Last updated
July 29, 2012