[Privoxy-users] Installation on Windows 11

[Lee]

On Fri, May 2, 2025 at 10:14 PM Ian Silvester wrote:
>
> Sure, I'm happy to come up with instructions, but I don't yet fully understand the problem.

Take a look here:
  https://www.coretechnologies.com/blog/windows-services/interact-with-desktop/
which matches my recollection that windows xp allowed
privoxy-as-a-service to put an icon on the desktop to control privoxy
that broke in the next release - windows vista

and the more verbose but from a microsoft.com url
  https://answers.microsoft.com/en-us/windows/forum/all/allow-service-to-interact-with-desktop-greyed/4d83d7ff-6d1e-47ce-b79d-8fdb7fe04ad7
"On operating systems prior to Vista services ran in Session 0
alongside user applications and could easily interact with the
desktop, this was widely recognized as a rather serious security risk
so to mitigate this security risk Vista and later operating systems
isolate services in Session 0 and run applications in other sessions,
ergo as a rule services can no longer generally interact with the
desktop in the old fashioned manner, programmers must now use a
different method to have their services interact with users."

And a bit more searching gives
  https://learn.microsoft.com/en-us/answers/questions/27517/is-there-any-workaround-in-win10-to-allow-service
"Unfortunately, just as you found, Microsoft has fully disabled
Interactive Service Detection starting with Windows 10 Build 1803 and
Windows Server 2016 and 2019. Starting with these versions, access to
Session 0 is no longer possible.
There is no way to start the service now."

> There are obviously many apps out there that run as admin (or at least not as the logged-in user) that display a tray icon. Is it a side-effect of Cygwin that the process has to run as the current user in order to display a tray icon?

It seems to be a function of using Windows 10 Build 1803 or later.

>From a cmd.exe window (aka DOS prompt) you can run services.msc and
see all the services and their "Log on as" field.
I don't know that any of those services display a tray icon & if they
do, how they do it.

> If so, my opinion is as follows:
>
> We offer two installation paths. For those who wish to run multiple users on the same machine and/or want a fire-and forget setup, we install with --install and don't worry about the lack of icon (I'd suggest such users won't miss it).

I miss the icon to the point that I won't run privoxy as a service.  I
might very well be the only person that feels that way -- especially
considering that logging is turned off by default, but the ability to
double-click the icon to pop-up the log window is worth the hassle of
exiting privoxy before I log out / log in as a different user (ie.
switching between me as a normal user with no privs and me as The All
Powerful Administrator)

nit: how do those privoxy-as-a-service users look at the privoxy log?
I don't know of an equivalent to "tail -f" on windows

> For those who want the tray icon we offer instructions for granting the logged-in user read/write access to the install location.

Right - it probably would be nice to mention the problem + fix along
with the install doc instead of hidden in the faq.

I kind of like the idea of each user having their own private log file
that nobody else can look at (except maybe the admininstrator) but I
suspect there aren't all that many multi-user windows systems these
days.
In other words, I don't know how useful that feature would be..

> Thoughts?

I see windows as a dead end.  I really didn't like what seemed to be
the MS attitude that the machine I paid for was actually _their_
machine to do with what they will.
Windows 11 seems even worse, so I'm done with windows.  Maybe I'll
have to have something with windows on it later on, but once windows
10 goes end-of-life I'm going to see how living exclusively in linux
land works out.

Lee


>
>
> On Fri, 2 May 2025, at 06:52, Lee wrote:
> > On Thu, May 1, 2025 at 1:27 PM Ian Silvester  wrote:
> >>
> >> On Thu, 1 May 2025, at 09:05, Lee via Privoxy-users wrote:
> >> > On Thu, May 1, 2025 at 8:39 AM Ian Silvester wrote:
> >> >>
> >> >> My experience FWIW is that if I install as my daily driver account, even if that account has admin,
> >> >> upon reboot Privoxy throws an error that it cannot write to ./privoxy.log and dies. I find I have to
> >> >> use -install to avoid this issue. Same behaviour on Win 10 and 11.
> >> >
> >> > You probably took the default and installed Privoxy in "\Program files\Privoxy"
> >> > "c:\Program files" does not normally allow regular users to write to
> >> > anything there, so you can either
> >> >  a) do what I do and create a "c:\temp" that anyone can write to and
> >> > have privoxy logging set to "c:\temp\privoxy.log"
> >> > or
> >> >  b) modify file permissions on "c:\Program files\Privoxy" or
> >> > "c:\Program files\Privoxy\privoxy.log" to allow anyone to write there.
> >> > There's a FAQ for
> >> >   What to do if editing the config file of privoxy is access denied?
> >> > that's also applicable to the privoxy log file.
> >> >
> >> > Lee
> >> >
> >>
> >> Yes quite. Couldn't you alter the installer to offer a default location to which the user
> >> does have write access?
> >
> > I don't know if windows has a place for installing software that
> > anyone can write to.
> > I'm guessing it doesn't because ransomware or anything else could take
> > advantage and replace programs in the "anyone can write here"
> > directory.
> >
> > There are per-user directories that could be used - but they are one
> > per user so if you had say 3 users you'd have to have 3 installs of
> > privoxy.  And 3 separate config, action, filter files, etc.
> > On the other hand, per-user directories would be great for the privoxy
> > log file.  Having a single log file that everyone can read is a
> > security issue .. which is why logging was defaulted to off ages ago??
> > The problem is how to tell privoxy where the per-user file is :(  I
> > suppose the easiest way would be to add a '--logdir' command line
> > option to specify the logdir - eg
> >
> > C:\cygwin\home\Lee\t>args_mingw.exe a b --logdir %LOCALAPPDATA%\privoxy
> > argv[0]: args_mingw.exe
> > argv[1]: a
> > argv[2]: b
> > argv[3]: --logdir
> > argv[4]: C:\Users\Lee\AppData\Local\privoxy
> >
> > I just tried changing the privoxy startup shortcut to have
> >    %APPDATA%\privoxy\config.txt
> > as the config file parameter.  And it works :)
> > ... at least on my windows 10 machine
> >
> > So there is an easy way to have a per-user config file.  The downside
> > being an "include <this> file in the config" directive was never
> > implemented, so we're back to maintaining a config file per user.
> >
> > On the other hand, it's highly probably a '--logdir whatever' command
> > line parameter could be added and that would get
> > 1) a per-user log file
> > 2) that doesn't have the "anyone can look at it" security problem so
> > we could enable logging again
> > 3) and that most users will forget about, fill up their hard drive if
> > logging is enabled and cause who-knows-what problems.
> > which takes care of .. 80% of the problem?
> >
> >> Or, if Windows doesn't allow that, include an explanation
> >> screen during install?
> >
> > Are you offering to write this?
> >
> > You'll notice that I didn't actually explain anything in FAQ for how
> > to fix windows file permissions - just showed an example of how to
> > "use the windows equivalent of sudo" and an example of using icacls to
> > fix individual file permissions problems.  Cargo cult documentation at
> > it's finest :)
> >
> >> I feel like the 'out of the box' experience should work without
> >> the user having to know this.
> >
> > Are you offering?
> >
> > I can take a look at adding a --logdir command line param - that seems
> > like something I can do.
> > Adding an include directive to the config file processing seems a bit
> > much for me :(
> > as does interpreting %evar% directives in the config file
> >
> > and as we've already seen, I think explaining windows file permissions
> > to users is beyond me.
> >
> > Regards,
> > Lee