How to solve the "Needs Admin Access" issue on Windows

There have been a number of messages here on the fact that Etcher has access problems when running on Windows - because it needs to be run with elevated privileges.

Back when I worked for H&R Block, we ran into this issue when developing software for Win Vista +.

The solution is to include a “manifest” file in the root of your build. I do not know what the current format for the manifest file is now, but there is a key called “request admin” (or something similar), that causes the executable to request elevated privilege when run.

This will cause Etcher to always request admin access before running - allowing Etcher access to the underlying hardware.

This can be done with both the installed executable and the portable executable file.

What say ye?

Etcher does not need to run with elevated privileges itself. It spawns a child process for writing to the drives. Only this subprocess needs to be elevated. That is why the UAC dialog only pop up when you press flash.
We don’t want Etcher to always request admin access before running.

1 Like

Can we avoid admin pwd while writing to drive?
Most of the office laptops do not have admin privileges to employees.

Is there an alternate?

1 Like

Hi, unfortunately etcher needs admin privileges in order to perform the write process; we spawn an elevated child process as mentioned earlier in the thread, which on Windows probably shows the usr/psw dialogue when it’s done from a non-admin user, but that’s just my guess.
The alternative would be to run it from an admin account, so that only the “yes/no” dialogue is shown.

1 Like

Sounds reasonable, but it leaves me with one question:

Since Etcher’s sole and entire purpose in life is to “etch”, (flash), SD cards and the like, and since accessing the raw device, (which is necessary to flash it), requires administrative privilege on every operating system I’ve ever used. . . . .

Would someone please explain to me a use-case for Etcher that does NOT ultimately require admin access?  (i.e.  One that does NOT actually involve “etching” the media or accessing the media’s raw device node?)

In the case were a person who does NOT have administrative access needs to flash SD cards or the like, a system administrator needs to come up with a way to allow Etcher to have admin access without granting it to the user - and there are ways of doing that.  Granting administrative access to a specific sub-process within Etcher is a whole 'nother can of worms administratively.

Ergo, it doesn’t really matter, (IMHO), which end of Etcher gets the administrative access, just so long as it gets there.  I just end up setting “run as administrator” in the compatibility settings on Windows so it asks right away and does what it needs to do.

There is no reason Etcher couldn’t ask for permissions before running, but in general, it is bad practice to have security access you don’t need. It’s the same concept as running a server as root. In addition, you could start the etcher process, select your file, and find out the file cannot be flashed or you need to go get an SD card, etc., and you’ve granted permissions for no reason.