Patrick,
I'm not picking on you, but there is one more thing you should change to ensure that your script is secure.

Whenever you call an external command (using Shell, Run or whatever) be sure to fully qualify the command.

You have done this in almost every case except where you call "su".

If a savvy user places a copy of "su.exe" higher in the execution chain (PATH) there is a possibility that it will get executed instead of the one in your package, and the one that they place there may not be benign.

Prefix the "su" with either @SCRIPTDIR or %KIXCRYPTDIR% to be sure that it is running your version.
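
One way to audit a script for the issue raised in this post, as an added example that is not part of the original post or of the script under discussion: it scans KiXtart source for Shell/Run statements whose command does not begin with a macro, an environment variable, a drive path or a UNC path. The sample script, the `helper.exe` name and the `<args>` placeholders are constructed, and treating any `%VAR%` prefix as fully qualified is an assumption.

```python
import re

# A Shell or Run statement followed by its command expression
# (KiXtart keywords are case-insensitive).
CALL = re.compile(r'^\s*(?:shell|run)\s+(.*)$', re.IGNORECASE)

# Prefixes accepted as fully qualified: a macro such as @SCRIPTDIR, an
# environment variable such as %KIXCRYPTDIR%, a drive path, or a UNC path.
# Assumption: the variable really holds an absolute directory.
QUALIFIED = re.compile(r'^(?:@\w+|%\w+%|[A-Za-z]:\\|\\\\)')

# Constructed sample, not the script discussed in the thread.
SAMPLE = r'''
; comment lines are ignored
Shell '"' + @SCRIPTDIR + '\helper.exe" <args>'
Shell "su.exe <args>"
Run "%KIXCRYPTDIR%\su.exe <args>"
shell 'su <args>'
'''

def unqualified_calls(script_text):
    """Return (line number, statement) for Shell/Run calls resolved via PATH."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        match = CALL.match(line)
        if not match:
            continue
        # Skip the quotes, spaces and '+' that precede the first command token,
        # so both "cmd ..." and '"' + @SCRIPTDIR + '\cmd"' forms are handled.
        start = match.group(1).lstrip(' \t"\'+')
        # Anything else (bare names, $variables) is reported for manual review.
        if not QUALIFIED.match(start):
            findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, statement in unqualified_calls(SAMPLE):
        print(f"line {lineno}: command not fully qualified: {statement}")
```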