The current means of editing the config for NVDA on secure screens is rather clunky and has been giving many users issues for a long time. Much discussion has been had on the matter, and I'm coming here with this proposal from a separate issue where this was brought up while trying to address it in another manner.
Is your feature request related to a problem? Please describe.
It is known that NVDA's configuration cannot be saved while in secure mode, which while somewhat annoying is an understandable stance to take, especially in regards to add-ons, which are the most obvious security implication of such a thing. The current solution for changing it involves copying the entire config from the current NVDA session, including all add-ons, elevating if necessary and displaying a scary warning if any add-ons are installed. One cannot choose to copy only a subset of config, such as excluding add-ons or only including some of them. In order to make the kind of secure config I want, I am required to exit NVDA, manually cut all but the add-ons I want out of my NVDA config, launch it again, change settings to fit, then copy that. Then I must exit, put the add-ons back, launch again, and change my configuration back to the way I had it before, or restore from a backup of the ini files. This is obviously less than ideal and is not something we can expect most people to want to deal with if they just want to, say, make the synthesizer speak faster, disable echo, and use a different keyboard layout on secure screens.
Describe the solution you'd like
I believe one solution to this which might end up being the easiest to implement, if not the 100% most ideal solution for users, is a pseudo-profile or restart state of NVDA that uses the configuration of secure screens but allows editing them. That is, the configuration it is using is that of the secure mode, but it is open to editing just like the normal configuration, including installing and configuring add-ons. It would prompt once for elevation upon activation of this mode if necessary in order to be able to actually edit the files in the system config directory, which would otherwise be impossible with UAC. Needless to say this would be restricted to administrators, just like the current solution.
Details of implementation
This mode could be activated with some kind of command line flag for launching NVDA, such as --secure-editable. A button would then be created in the general settings dialog either next to or replacing the current copy settings button that says "edit secure configuration..." or something of the sort, which would restart NVDA with this switch.
NVDA would prompt for elevation when launched with that switch, and then bring up an instance of itself using the system config as its config directory but not engaging any of the other restrictions placed on secure mode. A subset of these restrictions could be enabled if NVAccess desire them, such as disabling python console and scratchpad features. The user would then configure NVDA to taste, changing settings and installing/updating any add-ons they would like, the store should function here. The restarts brought about by the installation of add-ons would preserve this flag so that it can relaunch into the same mode. Bonus points if it can preserve its elevation from previously when doing this so it need not prompt again, but I don't know how doable that is. Once they're finished, they would save configuration and restart NVDA via the shortcut or some other way, which would launch in the normal mode. A button in general settings replacing the two secure settings buttons mentioned previously could say something along the lines of "save modifications and exit..." which would basically do the same thing, in case the automatically save configuration setting was unchecked simply restarting would lose settings changes. This could also be put in the quit NVDA dialog.
Describe alternatives you've considered
If it were implemented as a pseudo-profile it might show up in the configuration profiles section and could be activated and deactivated like any other profile. From what little I know about the profile architecture, however, this would be exceedingly hard to get right, as profiles rely on pulling in values from the primary config, and add-ons are not profile-specific. Thus this would be a special case to profiles and this would spread all over anything that handles profiles. I don't think this is the way forward.
Another solution to this, though one that is slightly less applicable in multi-user scenarios, would be to introduce true granularity to the copying of settings. Provide a check list of add-ons, all unchecked by default, to copy, and enumerate settings, say by section or category, to copy. I believe this is the primary proposal people have thought of of late, certainly it was in my case, but I realized it is likely to run into issues elsewhere. Aside from the difficulty of implementing such granularity, this would be likely to miss the case of add-ons that store dependencies or configuration in auxiliary files in the profile directory. Furthermore, it would still require you to change your main NVDA configuration twice, once to have the settings you want sent and then again to bring them back to normal. This might entail changing of synthesizer and rate, but might also involve such complex things as removing gestures from add-ons you aren't bringing and replacing them with defaults, say for the configuration of the clock add-on which overrides NVDA+f12. While it would be useful, especially the check-list of add-ons, the downsides outweigh the upsides and are likely to introduce weird edge cases and confuse users, on top of being hard to implement. Something like this is probably more applicable for portable copy creation, but the approach I'm suggesting here is equivalent to making a new portable copy and then configuring it to taste without any influence from the main config.
Additional context
I believe this is currently achievable if in a somewhat roundabout manner. Currently, one might be able to copy the system config directory to some other place that doesn't require elevation, launch NVDA passing that as the config path, configure it to taste, and after exiting delete the system config directory and replace it with the contents of the modified location. You can't simply cut in both directions because NVDA would end up without a secure config which might appear when trying to elevate to move it back. I don't know if there's a means by which we could currently use the config path mechanism to edit the secure config in-place due to the need for elevation. Still, even if we could, an officially sanctioned way of doing this in the UI would be helpful for many that don't have the know-how to try something like that.
Unfortunately, I lack the skills and internal knowledge to submit a pull request implementing this, so I hope someone else will take up the challenge! This might turn out to be the most acceptable solution to the thorny problem of secure config, and I imagine many users will thank you for it.
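As an added illustration of the replace step in the roundabout workflow under "Additional context" (not NVDA code and not written by the issue author): the sketch below reports which add-ons an edited copy would introduce into the secure config, refuses any that were not explicitly approved, and swaps directories by rename so the secure config is never left deleted while a copy runs. The function names, the `addons` subfolder name and the sample paths are assumptions made for the example.

```python
import os
import shutil
import tempfile
from pathlib import Path

ADDONS_SUBDIR = "addons"  # assumption: add-ons sit in this subfolder of a config dir


def list_addons(config_dir):
    """Names of add-on folders inside a config directory (empty set if none)."""
    addons = Path(config_dir) / ADDONS_SUBDIR
    return {p.name for p in addons.iterdir() if p.is_dir()} if addons.is_dir() else set()


def review_changes(system_dir, edited_dir):
    """Add-ons the edited copy would add to, or remove from, the secure config."""
    before, after = list_addons(system_dir), list_addons(edited_dir)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def swap_in(system_dir, edited_dir, approved_addons=()):
    """Replace system_dir with a copy of edited_dir; refuse unapproved new add-ons."""
    system_dir, edited_dir = Path(system_dir), Path(edited_dir)
    unapproved = set(review_changes(system_dir, edited_dir)["added"]) - set(approved_addons)
    if unapproved:
        raise PermissionError(f"unapproved add-ons: {sorted(unapproved)}")
    staging, backup = (system_dir.with_name(system_dir.name + s) for s in (".new", ".old"))
    for leftover in (staging, backup):
        shutil.rmtree(leftover, ignore_errors=True)
    shutil.copytree(edited_dir, staging)  # slow copy lands beside the live directory
    os.rename(system_dir, backup)         # then two quick renames, not delete + copy
    try:
        os.rename(staging, system_dir)
    except OSError:
        os.rename(backup, system_dir)     # roll back so a secure config still exists
        raise
    shutil.rmtree(backup)


def demo():
    """Constructed sample: edit a copy, add one add-on, review it, then swap it in."""
    root = Path(tempfile.mkdtemp())
    live, work = root / "system_config", root / "work"
    (live / ADDONS_SUBDIR / "clock").mkdir(parents=True)
    shutil.copytree(live, work)
    (work / "settings.ini").write_text("rate = 80\n")
    (work / ADDONS_SUBDIR / "newAddon").mkdir()
    report = review_changes(live, work)
    swap_in(live, work, approved_addons=report["added"])
    return report, sorted(list_addons(live)), (live / "settings.ini").read_text()
```

On a real installation the swap would have to run elevated, since both the staging and backup directories are created next to the protected system config directory.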