Avatar for Username

Prohledat stránky podpory

Vyhněte se podvodům. Za účelem poskytnutí podpory vás nikdy nežádáme, abyste zavolali nebo poslali SMS na nějaké telefonní číslo nebo abyste sdělili své osobní údaje. Jakékoliv podezřelé chování nám prosím nahlaste pomocí odkazu „Nahlásit zneužití“.

Learn More

Toto vlákno bylo archivováno. Pokud potřebujete pomoci, založte prosím nový dotaz.

Firefox changes registry path with auto-update | UAC issue

  • 2 odpovědi
  • 1 má tento problém
  • 33 zobrazení
  • Poslední odpověď od ronronron

ronronron
ronronron
more options

On test clients we deployed the "Firefox Setup 60.7.0esr.exe" (32bit) with default settings with Microsoft SCCM and on other test clients we installed it as a normal user without admin rights and typed in the local admin password to install it manually (for comparison). So the standard install folder is "C:\Program Files (x86)\Mozilla Firefox" and the registry key is "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.0 ESR (x86 de)". Now the update 60.7.1 released. Problem 1: The normal users didn't have the "modify" rights for "C:\Program Files (x86)\Mozilla Firefox", so the update installer asks with the UAC for admin rights. -> I changed the permissions of the folder with powershell.

Problem 2: Now the update process works and replaced the files in "C:\Program Files (x86)\Mozilla Firefox", BUT the registry keeps the path "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.0 ESR (x86 de)" and creates a new path "Computer\HKEY_USERS\*USERID*\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.1 ESR (x86 de)". So the "Programs and Features" under Windows are showing both versions and of course the SCCM is detecting both versions.

What is the normal and clean update process without this entries in the user registry in an enterprise environment?

On test clients we deployed the "Firefox Setup 60.7.0esr.exe" (32bit) with default settings with Microsoft SCCM and on other test clients we installed it as a normal user without admin rights and typed in the local admin password to install it manually (for comparison). So the standard install folder is "C:\Program Files (x86)\Mozilla Firefox" and the registry key is "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.0 ESR (x86 de)". Now the update 60.7.1 released. Problem 1: The normal users didn't have the "modify" rights for "C:\Program Files (x86)\Mozilla Firefox", so the update installer asks with the UAC for admin rights. -> I changed the permissions of the folder with powershell. Problem 2: Now the update process works and replaced the files in "C:\Program Files (x86)\Mozilla Firefox", BUT the registry keeps the path "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.0 ESR (x86 de)" and creates a new path "Computer\HKEY_USERS\*USERID*\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 60.7.1 ESR (x86 de)". So the "Programs and Features" under Windows are showing both versions and of course the SCCM is detecting both versions. What is the normal and clean update process without this entries in the user registry in an enterprise environment?

Upravil uživatel ronronron dne

Všechny odpovědi (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I think that you would normally use the Mozilla Maintenance Service to prevent UAC issues and make it possible to update without requiring write permission.

ronronron
ronronron Autor dotazu
more options

cor-el said

I think that you would normally use the Mozilla Maintenance Service to prevent UAC issues and make it possible to update without requiring write permission.

I think you mean the '"app.update.service.enabled" = true' option, right? Of course, the Mozilla Maintenance Service is installed, but on a normal client the update comes up with the UAC everytime.. The "app.update.service.errors" isn't there, should I create it by myself and set it to 0? -> Tested, but this doesn't change anything.

The Mozilla Maintenance log are some privilege errors (even if the user has full rights on the folder): Could not disable token privilege value: SeCreateTokenPrivilege. (1300) Could not disable token privilege value: SeEnableDelegationPrivilege. (1300) Could not disable token privilege value: SeMachineAccountPrivilege. (1300) Could not disable token privilege value: SeRelabelPrivilege. (1300) Could not disable token privilege value: SeRemoteShutdownPrivilege. (1300) Could not disable token privilege value: SeSyncAgentPrivilege. (1300) Could not disable token privilege value: SeTrustedCredManAccessPrivilege. (1300) Could not disable token privilege value: SeUnsolicitedInputPrivilege. (1313)

Are there other settings or registry keys which maybe could be changed by ACLs to block/unblock the UAC/Maintenance Service?

Upravil uživatel ronronron dne