UAC issues

murr

New Member
Hey all,

What exactly is UAC? Is it absolutely necessary to have on your computer? Will it totally kill me to not have it running?

I ask these questions because I need to have it disabled to run a certain program from my company because of the usage of ICMPv4,v6 echo/pinging that it disables.

Is there a work around to enable these settings without disabling UAC?

Also the last question would be that it seems like when I disable the UAC, I have security that is the same as windows XP. Is that true??

Any help would be greatly appreciated!!!

Thanks,
Murr
 

My Computer

Hey all,

What exactly is UAC? Is it absolutely necessary to have on your computer? Will it totally kill me to not have it running?

I ask these questions because I need to have it disabled to run a certain program from my company because of the usage of ICMPv4,v6 echo/pinging that it disables.

Is there a work around to enable these settings without disabling UAC?

Also the last question would be that it seems like when I disable the UAC, I have security that is the same as windows XP. Is that true??

Any help would be greatly appreciated!!!

Thanks,
Murr

Hey Murr,

UAC was built to stop virus`s and malware from taking control of the entire system.

Checkout these Threads for more information on UAC:
Vista Forums - Threads Tagged with uac

http://www.vistax64.com/tutorials/48893-user-account-control-uac.html
 

My Computer

As far as I am aware, UAC doesn't disable ICMP. But the Windows firewall does by default. I think all you have to do is enable ICMP echo requests through the firewall.

Someone will correct me if I'm wrong.......
 

My Computer

Programs, Malware and Rootkits try to install without the user intervention, and try to run with full Admin rights.
UAC sees these and stops the install untill the user ok's and authorizes them(or not).
Most newer programs are being written to run in restricted user rights, So any program- good or bad that requests admin rights has the ability to corrupt/damage your system, and personally I like to know what's trying to run on my system.

To remove UAC is like leaving the deadbolt on house disengaged because it takes twice as long then just locking the knob.
 

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics Card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB)
    and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive:
    Panasonic UJ-220 DL BD-RE (Blu-Ray)
As far as I am aware, UAC doesn't disable ICMP. But the Windows firewall does by default. I think all you have to do is enable ICMP echo requests through the firewall.

Someone will correct me if I'm wrong.......

Hi Buffalo,

UAC is designed to stop anything from automatically escalating its privilege level without your consent but your right it has nothing todo with Windows Firewall

However Windows Firewall does not block ICMP by default (See ICMP Screenshot below) there are other ICMP options it blocks but you change the Network location by Clicking Customize in the Network and Sharing Center (see Customize Screenshot) or use the Windows Firewall with Advanced Security under Administrative Tools in Control Panel ;)

Steven

attachment.php


 

Attachments

  • ICMP.JPG
    ICMP.JPG
    230.3 KB · Views: 564
  • Customise.JPG
    Customise.JPG
    10.5 KB · Views: 468

My Computer

As far as I am aware, UAC doesn't disable ICMP. But the Windows firewall does by default. I think all you have to do is enable ICMP echo requests through the firewall.

Someone will correct me if I'm wrong.......

Hi Buffalo,

UAC is designed to stop anything from automatically escalating its privilege level without your consent but your right it has nothing todo with Windows Firewall

However Windows Firewall does not block ICMP by default (See ICMP Screenshot below) there are other ICMP options it blocks but you change the Network location by Clicking Customize in the Network and Sharing Center (see Customize Screenshot) or use the Windows Firewall with Advanced Security under Administrative Tools in Control Panel ;)

Steven



[URL="http://www.vistax64.com/attachment.php?attachmentid=4748&stc=1&d=1214505407"][/URL]

Well yes this true what you all have been saying except for the fact that when you enable the ICMP pinging/echo requests I still cannot run my software that is spefically designed to use a ICMP pinging/echo request protocol. By then disabling the UAC it was able to work fine...is there something that I am drastically missing? Because it would seem like to me after all my testing on this subject the UAC blocks the echo request.

Please let me know if I am way off or not.

One other quick question is that by turning off UAC does it put the system in a XP style of security??

Thanks all,
Murr
 

My Computer

Or, if you think about it carefully, UAC is blocking the *program* from making the ECHO request in the first place - not blocking it at the network layer, but blocking the application at the physical layer.

Try running the application with administrative privileges...
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64 Insider Preview (Skip Ahead) latest build
    Manufacturer/Model
    The Beast Model V (homebrew)
    CPU
    Intel Core i7 965 EE @ 3.6 GHz
    Motherboard
    eVGA X58 Classified 3 (141-GT-E770-A1)
    Memory
    3 * Mushkin 998981 Redline Enhanced triple channel DDR3 4 GB CL7 DDR3 1600 MHz (PC3-12800)
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek HD Audio (onboard)
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2 * 1920 x 1080
    Hard Drives
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD (System)
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD (User Tree)
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM SATA II Mech. HD
    Seagate ST1500DL001-9VT15L Barracuda 7200.12 1.5 TB S
    PSU
    Thermaltake Black Widow TX TR2 850W 80+ Bronze Semi-Mod ATX
    Case
    ThermalTake Level 10 GT (Black)
    Cooling
    Corsair H100 (CPU, dual 140 mm fans on radiator) + Air (2 *
    Keyboard
    Logitech G15 (gen 2)
    Mouse
    Logitech MX Master (shared)
    Internet Speed
    AT&T Lightspeed Gigabit duplex
  • Operating System
    Sabayon Linux (current, weekly updates, 5.1.x kernel)
    Manufacturer/Model
    Lenovo ThinkPad E545
    CPU
    AMD A6-5350M APU
    Motherboard
    Lenovo
    Memory
    8 GB
    Graphics card(s)
    Radeon HD (Embedded)
    Sound Card
    Conextant 20671 SmartAudio HD
    Monitor(s) Displays
    Lenovo 15" Matte
    Screen Resolution
    1680 * 1050
    Hard Drives
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SSD
    PSU
    Lenovo
    Case
    Lenovo
    Cooling
    Lenovo
    Mouse
    Logitech MX Master (shared) | Synaptics TouchPad
    Keyboard
    Lenovo
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
Or, if you think about it carefully, UAC is blocking the *program* from making the ECHO request in the first place - not blocking it at the network layer, but blocking the application at the physical layer.

Try running the application with administrative privileges...


Ok that would seem like a good idea but when I get to the application and right click on it to run as admin there is no tab to run as admin. Any suggestions?

Murr
 

My Computer

not a tab, when you right click on the shortcut to the application, the context menu shows a "run as administrator".

If you want to make the application run as administrator permanently, then what you do instead is right click on the program / shortcut, select the compatibility tab, and at the bottom is the option to run as administrator.

But I would try running it *once* as administrator using the first method to see if it works or not.

Also, your app may actually be calling another application to actually make the ECHO request....
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64 Insider Preview (Skip Ahead) latest build
    Manufacturer/Model
    The Beast Model V (homebrew)
    CPU
    Intel Core i7 965 EE @ 3.6 GHz
    Motherboard
    eVGA X58 Classified 3 (141-GT-E770-A1)
    Memory
    3 * Mushkin 998981 Redline Enhanced triple channel DDR3 4 GB CL7 DDR3 1600 MHz (PC3-12800)
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek HD Audio (onboard)
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2 * 1920 x 1080
    Hard Drives
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD (System)
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD (User Tree)
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM SATA II Mech. HD
    Seagate ST1500DL001-9VT15L Barracuda 7200.12 1.5 TB S
    PSU
    Thermaltake Black Widow TX TR2 850W 80+ Bronze Semi-Mod ATX
    Case
    ThermalTake Level 10 GT (Black)
    Cooling
    Corsair H100 (CPU, dual 140 mm fans on radiator) + Air (2 *
    Keyboard
    Logitech G15 (gen 2)
    Mouse
    Logitech MX Master (shared)
    Internet Speed
    AT&T Lightspeed Gigabit duplex
  • Operating System
    Sabayon Linux (current, weekly updates, 5.1.x kernel)
    Manufacturer/Model
    Lenovo ThinkPad E545
    CPU
    AMD A6-5350M APU
    Motherboard
    Lenovo
    Memory
    8 GB
    Graphics card(s)
    Radeon HD (Embedded)
    Sound Card
    Conextant 20671 SmartAudio HD
    Monitor(s) Displays
    Lenovo 15" Matte
    Screen Resolution
    1680 * 1050
    Hard Drives
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SSD
    PSU
    Lenovo
    Case
    Lenovo
    Cooling
    Lenovo
    Mouse
    Logitech MX Master (shared) | Synaptics TouchPad
    Keyboard
    Lenovo
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
not a tab, when you right click on the shortcut to the application, the context menu shows a "run as administrator".

If you want to make the application run as administrator permanently, then what you do instead is right click on the program / shortcut, select the compatibility tab, and at the bottom is the option to run as administrator.

But I would try running it *once* as administrator using the first method to see if it works or not.

Also, your app may actually be calling another application to actually make the ECHO request....

Yes not a tab is correct, wrong usage of the context menu. When the context menu is up tho there is no option to run as administrator.

I believe this is because the software already acts as an admin. Or that is how it was originally designed to work on an XP system.

Tho the problem could be in that when we wrote this software it was in XP compared to vista, so the integrations between the two are a little interesting.
 

My Computer

If it needs admin privileges by default to run then it should be giving you a UAC prompt every time. If it is not, then ti is not requesting the admin level privileges.

What is the app exactly? Or , better yet, is there a way I can test it on my system to see if I get the run as administrator for it?
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64 Insider Preview (Skip Ahead) latest build
    Manufacturer/Model
    The Beast Model V (homebrew)
    CPU
    Intel Core i7 965 EE @ 3.6 GHz
    Motherboard
    eVGA X58 Classified 3 (141-GT-E770-A1)
    Memory
    3 * Mushkin 998981 Redline Enhanced triple channel DDR3 4 GB CL7 DDR3 1600 MHz (PC3-12800)
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek HD Audio (onboard)
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2 * 1920 x 1080
    Hard Drives
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD (System)
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD (User Tree)
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM SATA II Mech. HD
    Seagate ST1500DL001-9VT15L Barracuda 7200.12 1.5 TB S
    PSU
    Thermaltake Black Widow TX TR2 850W 80+ Bronze Semi-Mod ATX
    Case
    ThermalTake Level 10 GT (Black)
    Cooling
    Corsair H100 (CPU, dual 140 mm fans on radiator) + Air (2 *
    Keyboard
    Logitech G15 (gen 2)
    Mouse
    Logitech MX Master (shared)
    Internet Speed
    AT&T Lightspeed Gigabit duplex
  • Operating System
    Sabayon Linux (current, weekly updates, 5.1.x kernel)
    Manufacturer/Model
    Lenovo ThinkPad E545
    CPU
    AMD A6-5350M APU
    Motherboard
    Lenovo
    Memory
    8 GB
    Graphics card(s)
    Radeon HD (Embedded)
    Sound Card
    Conextant 20671 SmartAudio HD
    Monitor(s) Displays
    Lenovo 15" Matte
    Screen Resolution
    1680 * 1050
    Hard Drives
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SSD
    PSU
    Lenovo
    Case
    Lenovo
    Cooling
    Lenovo
    Mouse
    Logitech MX Master (shared) | Synaptics TouchPad
    Keyboard
    Lenovo
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
Ah ok that makes sense that it would need admin each time, yet it does not prompt it. I believe becuase of the way that we designed it, we have enabled it to run with admin priv each time, so maybe that was broken.

I would give you a copy minus the fact that I cannot legally release our software outside of our eng department. Plus you would require all of our extraneous hardware to run in tandum with it and that I cannot release as well (not to mention the $$ amounts behind the hardware).

Would you like a screen shots of what I am seeing? I can do this tho...
 

My Computer

Ah ok that makes sense that it would need admin each time, yet it does not prompt it. I believe becuase of the way that we designed it, we have enabled it to run with admin priv each time, so maybe that was broken.

Yeah UAC is blocking the application from directly accessing the network stack.. Depending on how your application was built you can make it Prompt for elevation...

A manifest file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3">
<v3:security>
<v3:requestedPrivileges>
<v3:requestedExecutionLevel level="highestAvailable" />
</v3:requestedPrivileges>
</v3:security>
</v3:trustInfo>
</assembly>

.NET Framework:

System::Diagnostics::Process^ proc = gcnew System::Diagnostics::Process();
proc->StartInfo->FileName = "C:\\Windows\\system32\\notepad.exe";
proc->StartInfo->Verb = "runas"; // Elevate the application
proc->Start();

Native win32:

ShellExecute(hwnd, "runas", "C:\\Windows\\Notepad.exe", 0, 0, SW_SHOWNORMAL);


Steven
 

My Computer

@murr - sorry, I misunderstood your other post when you mentioned the app you wrote e - I didn't realize you were testing your own app in-house - in that case, no worries, I understand that inability to reveal it to me in any way manner or fashion.

In this case a Screen shot is not required either, because as I surmised and you confirmed, if the app was written in the days of XP, then (and you confirmed this) it was able to get admin privileges for actions without requesting them, as long as it was not run from a limited user account.

This problem is prevalent in many applications written in the days of XP and ported over to Vista. As Steven put up the manifest file works great for incorporating into your application for the request for elevated privileges - but in case you didn't know, as a workaround you should be able to simply add in the appropriate details (the manifest I had was a bit more detailed, including the actual program name, version, etc) and place it in the same folder as the executable, naming it the exact same with a manifest tag: if the app name is foo.bar.exe then the manifest filename is foo.bar.exe.manifest

After that if it attempts to perform any actions that require administrative privileges, then this should force Vista to generate the UAC prompt.

I'll try to dig up my manifest template if this one does not work for you as is.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64 Insider Preview (Skip Ahead) latest build
    Manufacturer/Model
    The Beast Model V (homebrew)
    CPU
    Intel Core i7 965 EE @ 3.6 GHz
    Motherboard
    eVGA X58 Classified 3 (141-GT-E770-A1)
    Memory
    3 * Mushkin 998981 Redline Enhanced triple channel DDR3 4 GB CL7 DDR3 1600 MHz (PC3-12800)
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek HD Audio (onboard)
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2 * 1920 x 1080
    Hard Drives
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD (System)
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD (User Tree)
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM SATA II Mech. HD
    Seagate ST1500DL001-9VT15L Barracuda 7200.12 1.5 TB S
    PSU
    Thermaltake Black Widow TX TR2 850W 80+ Bronze Semi-Mod ATX
    Case
    ThermalTake Level 10 GT (Black)
    Cooling
    Corsair H100 (CPU, dual 140 mm fans on radiator) + Air (2 *
    Keyboard
    Logitech G15 (gen 2)
    Mouse
    Logitech MX Master (shared)
    Internet Speed
    AT&T Lightspeed Gigabit duplex
  • Operating System
    Sabayon Linux (current, weekly updates, 5.1.x kernel)
    Manufacturer/Model
    Lenovo ThinkPad E545
    CPU
    AMD A6-5350M APU
    Motherboard
    Lenovo
    Memory
    8 GB
    Graphics card(s)
    Radeon HD (Embedded)
    Sound Card
    Conextant 20671 SmartAudio HD
    Monitor(s) Displays
    Lenovo 15" Matte
    Screen Resolution
    1680 * 1050
    Hard Drives
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SSD
    PSU
    Lenovo
    Case
    Lenovo
    Cooling
    Lenovo
    Mouse
    Logitech MX Master (shared) | Synaptics TouchPad
    Keyboard
    Lenovo
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
Hey Guys,

I will for sure give the manifest file a try when I implement the next fixes on the software. Then I will let you know if it works! Hopefully it will solve the problem so I do not have tell our customers to turn off UAC!

Murr
 

My Computer

Back
Top