SyncBackPro and SyncBackSE can run elevated or not elevated (see a description of elevation below). By default, they are run elevated (unless you have installed SyncBackPro only for the current user). Some functionality, e.g. copying locked files, requires elevation (see below). However, for security reasons you may not want to run some profiles elevated, or you may require that they are always run elevated, which is the reason for these settings.
•Elevation requirements: By default, a profile will run regardless of whether SyncBack is elevated or not. You can optionally choose to make sure a profile is always run elevated or not elevated. If you require the profile to run elevated, for example, then if you start a profile from a non-elevated instance of SyncBack then it will start an elevated instance of SyncBack and run the profile using that elevated instance. Also, if you schedule a profile, SyncBack will configure the scheduled task appropriately depending on the elevation setting.
•Create Not Elevated EXE: If you are running SyncBack elevated, and the non-elevated version of SyncBack does not exist, then you can click this button to create it. Note that the non-elevated version of SyncBack is created using a hard-link, meaning it does not use disk space. However, if a hard-link cannot be created, e.g. the file system does not support it, then it has to make a copy of the executable which does take a very small amount of extra disk space.
If you configure a profile to be run elevated, or not elevated, and it cannot be run using the correct elevation, then the profile will fail to run.
|
If a schedule is created by an Administrator user, even if the non-elevated version of SyncBack is used, then the scheduled task is always run elevated regardless of the settings. For this reason, if the profile has been started by the task scheduler, then it will not fail if run elevated when it should not be, for example. |
|
What is "elevation"?
When Windows Vista was introduced, it changed the way user security is implemented in Windows. Previously, e.g. in Windows XP, when a program was run it was given all the security rights of the user that started the program. So if you were an Administrator, the program had access to everything.
With Vista, the concept of elevation was introduced. Basically, if the software did not need special access rights, e.g. it was a game, then it would not request those rights and not be given them. So even if an Administrator started the game, it would run just like a non-administrator user had started it, i.e. it would not be run with elevated rights.
Some software, e.g. backup software, system utilities, etc., may require Administrator access rights to function correctly, e.g. they need to access files owned by other users. Such software is configured to run elevated, i.e. it requires elevated privileges (the rights the Administrator has), when started. This is why you receive a confirmation prompt from Windows asking your permission to run the software elevated. Windows is asking your permission before software with elevated privileges is started. |
|
How is there an elevated and non-elevated version of SyncBack?
An executable can define the execution level it requires in its manifest. The manifest can be embedded in the executable or in a separate XML file. SyncBack uses an XML file.
SyncBackPro, for example, has the executable filename of SyncBackPro.exe. A manifest file has the same name as the executable, but with .manifest tagged onto it. So for SyncBackPro.exe the manifest file is SyncBackPro.exe.manifest
The non-elevated version of SyncBackPro has the filename SyncBackPro.NE.exe with the manifest file being called SyncBackPro.NE.exe.manifest
The two executable files are identical. A hard-link is created (if possible), which essentially means both filenames point to the same contents on the disk. Only the manifest files are different, which tells Windows to start it elevated or not elevated.
If you have installed SyncBackPro only for the current user then it will not run elevated. |
If SyncBackPro is not run elevated then the following functions, due to security restrictions in Windows, cannot be used:
•The Scheduler Monitor Service will not be installed if you are installing for the Current User. This is because services can only be installed by Windows administrators.
•Open/locked files cannot be copied. Access to the shadow volume is restricted to administrators. The log file will contain the error: Unable to create shadow volume: Initialization failure
•The backup file copying method cannot be used (it will gracefully fallback to the standard file copying method).
•Directory symbolic links cannot be created.
•When creating a schedule, you can only create one that will run when you are logged in.
•Virtual drives cannot be mounted.
•Restore points cannot be created. Note that Windows Server does not support creating System Restore Points.
•You may not have access to some files and directories (due to NTFS security).
•The SyncBackPro Window Shell Extension cannot be used.
If SyncBackPro is run elevated then take note of the following:
•Mapped network drives cannot be seen by elevated processes.
All Content: 2BrightSparks Pte Ltd © 2003-2024