PDA

View Full Version : Mezzmo must be run as an administrator on your operating system - why???



Ric
09-20-2011, 02:54 AM
Hi,
I don't run as an admin user normally, as is good practice, so why does Mezzmo insist on running as an Admin while launching the GUI? I can understand that for installing, but not for using.

I'm been playing with it for the last few weeks on an XP VM and it's been by far the best media server I've found yet for Windows, but this need to be admin to a major blocker. I've just installed on our "house server" - a Win2003 machine - and I really don't want people logging onto that as a domain administrator just to share an extra folder or even start to update ratings etc. And to be honest, I'd rather not have 3rd party software running as an admin account ether.

Even your use case of Dad has his library, kids have their library etc on the family PC is undermined by this - there's no way my kid is getting admin right's over my PC!

I hope there's a quick fix for this as it's the only things stopping me from purchasing. I also saw the post on separating the GUI from the Server and looking forward to seeing the full details of that too. Have already moved the DB to a different disk, and figure would be something really good to have in the installer - those DB files get pretty big!

Regards,
-Richard

Broti
09-20-2011, 04:20 AM
Hi Ric,

I also encountered this behavior on my XP system half a year ago when evaluating Mezzmo. I also tested under Win Vista: No admin rights necessary there. So I asked the conceiva support via mail to explain me why admin access is necessary on XP. I never got an answer. I repeated the question a few weeks later. No answer again...
Hopefully they will give some information now.

Regards,
Broti

AceRimmer
09-20-2011, 06:46 AM
I am also wondering why it is necessary for Mezzmo to run under XP with an admin account.

Paul
09-20-2011, 09:20 AM
This is necessary because on XP a normal user cannot start and stop Windows services and Mezzmo server is a Windows service. Vista any other versions allow us more flexibility in this, but I don't think there's a way around this on XP. I believe, the issue is that you can use the "runas" command to do this, but this then makes the server take on the identity of the admin anyway and makes the personal folder where the database is located point to a different location than the non-admin Mezzmo GUI.

Possibly this can be fixed by overriding database locations, but to start/stop the server the person would still need to know admin credentials.

Regarding the never answered e-mail - this usually never happens, can you please PM me your support case ID or your e-mail address and I'll look it up?

Broti
09-21-2011, 04:20 AM
Hi Dennis,

thanks for this explanation.


(The support case ID was 21289)

Regards,
Broti

Ric
09-21-2011, 06:05 AM
Hi Dennis,
Thanks for the info. I guess I'm stuck with it, which is a pity as Mezzmo has been the most impressive product we've been looking at.

Microsoft seem to think that you can set permissions on services for XP Professional (don't know about Home) via Security Templates. The security template editor certainly lets me specify which additional users can start and stop Mezzmo services, although admittedly I'm having a bit of fun getting it to apply. But if you can do it though a windows tool, then I'd be very surprised if it couldn't be done programatically.

The service itself seems to run quite happily when it's user is not an administrator, so it's a shame the GUI seems to take such a tough line.

But even if the security templates trick can't be done from within the program, it doesn't seem beyond the bounds of possibility to have the GUI prompt for an admin password for doing things that really need admin permissions.

Oh well,
-Ric

Paul
09-21-2011, 08:50 AM
(The support case ID was 21289)

We sent replies on March 15th and April 21st - did you receive those?



The service itself seems to run quite happily when it's user is not an administrator, so it's a shame the GUI seems to take such a tough line.

But even if the security templates trick can't be done from within the program, it doesn't seem beyond the bounds of possibility to have the GUI prompt for an admin password for doing things that really need admin permissions.

Yes, as I mentioned, it's actually possible to do this, but it wouldn't be easy on XP. This would be more of an advanced feature, but I agree, perhaps it can be handled better and there should be an override to let you run as non-admin, provided you understand that it may or may not work :) Let me see what I can do here about it.

kitsunegari
09-21-2011, 07:01 PM
Log on as administrator.

Run a command prompt.


sc sdshow Mezzmo

this should return a lengthy string such as
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLO CRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLO CRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD )

Run regedit, and browse too:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>ProfileList

Have a look through the folder keys for the ProfileImagePath that relates to the user you wish to give control too, and grab the SID (key folder name) eg:


S-1-5-21-436374069-1220945662-725345543-2115

Next, we edit the sc sdshow string. Insert
(A;;RPWPCR;;;S-1-5-21-436374069-1220945662-725345543-2115) (where S-1-5-21-436374069-1220945662-725345543-2115 = your SID) before the S: (AU;.....) part of the string so it looks like:


sc sdset Mezzmo D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLO CRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLO CRRC;;;SU)(A;;RPWPCR;;;S-1-5-21-436374069-1220945662-725345543-2115)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)(thi s is hard to read but I had to show it as phpcode so as to avoid loads of smileys!

And hopefully you should get:

[SC] SetServiceObjectSecurity SUCCESS

Hope this helps.

Paul
09-22-2011, 08:53 AM
Thanks for posting this - I'm sure someone will use that :) I've also added a command-line switch to allow Mezzmo GUI to start up as non-admin on XP, so if used in conjunction with the above, it should let you run Mezzmo and the server as non-admin.

Ric
09-24-2011, 05:34 AM
Dennis: Wow! That's an impressive response. Any idea when that'll be released so I can play? I have 11 days left on the trial that's on my house server. I have just been looking at another "competitor" product and was starting to despair we'd find something that would work for us.

kitsunegari: Thank you for that - I will test on my VM and then try it for real on the server over the weekend. Wife permitting ;)

Paul
09-26-2011, 08:56 AM
An unofficial patch is available if you e-mail support, but I don't know when this version will be released. Perhaps by the end of this week, but don't quote me on that ;)

Paul
09-30-2011, 02:12 PM
The newly released v2.4.4 has a command line switch to run Mezzmo on XP under a non-admin user - run it like this: "Mezzmo.exe /ignoreos" to force launching of the GUI.