Aug 27, 2018 | Retail Pro Prism
Understanding Elevated Permission Requests
Windows safeguards critical operations, files, and memory spaces to maintain the integrity of the operating system. Programs attempting to manipulate or utilize these protected elements depend on the permissions granted to end users.
Protected elements have evolved significantly over time. What was previously permitted in one Windows version may now be protected, sometimes even due to Windows updates. As a result, certain operations that worked without issue in the past may now require elevated permissions.
Furthermore, dealing with external libraries and hardware adds complexity to the security model. Although an application itself may not necessitate elevation, an operation within an external library loaded into the application space might trigger an elevation requirement flagged by Windows. The application lacks awareness and control over how these libraries are coded.
Retail Pro 9 and Elevated Permission Requests
Retail Pro 9 was developed during the availability of Windows 2000. As the security model has evolved through Windows XP, Win 7, and up to Win 10 and 11, Retail Pro 9 often requires elevation for tasks such as accessing files in protected locations (e.g., Program Files x86 or the Windows directory), utilizing the Windows registry, interacting with hardware drivers, and enabling remote communication.
Retail Pro Prism and Elevated Permission Requests
Retail Pro Prism employs a different application model compared to legacy versions of Retail Pro. The server components of Prism, once installed, operate under the local system session, and typically do not require elevation. On the other hand, the client runs through a web browser and does not usually require elevation. However, certain Prism Tools, including the Prism Proxy, are applications running in the logged-in user session and may encounter elevation issues similar to those described earlier. The complexity of the elevation configuration may increase as hardware and customizations are added to a Prism system.
A Separate Note about Installers
The Windows security model is particularly sensitive to installers, which often require elevation. This elevation requirement, however, does not extend directly to running the application itself.
Tools to Assist
When encountering elevated permission prompts while running Retail Pro in a client environment, Microsoft's Process Monitor (part of the System Information Suite) can be used. This tool helps determine the registry entries, files, and remote resources accessed by an application. Although it may not explicitly identify operations requiring elevation, it can assist a security team in understanding what resources are being accessed and adjusting permissions accordingly.