|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
09-28-2007
| #1 (permalink) |
| | Disable UAC prompts for *specific* applications Short of using TweakUAC, is there a way to selectively turn off the UAC elevation prompts **specifically** for a given application? Our application is going to run under an account that will have both standard and admin access privileges. There may be situations when the Vista box may undergo an unattended reboot. When the machine comes back on: * How does one log a user back in transparently without any manual intervention? * After such login in complete a Start menu script will launch our application but since it will be unattended there will be no one to consent to the elevation prompt. Is there a way to avoid popping it for our application alone? I read somewhere that signing an executable can allow Vista to elevate its privileges silently. Is that what I should be doing? thanks for any inputs. |
My System Specs |
|
09-28-2007
| #2 (permalink) |
| | RE: Disable UAC prompts for *specific* applications NO. "rdilipk@xxxxxx" wrote: Quote: > > Short of using TweakUAC, is there a way to selectively turn off the > UAC elevation prompts **specifically** for a given application? > > Our application is going to run under an account that will have both > standard and admin access privileges. There may be situations when > the Vista box may undergo an unattended reboot. When the machine > comes back on: > > * How does one log a user back in transparently without any manual > intervention? > * After such login in complete a Start menu script will launch our > application but since it will be unattended there will be no one to > consent to the elevation prompt. Is there a way to avoid popping it > for our application alone? > > I read somewhere that signing an executable can allow Vista to elevate > its privileges silently. Is that what I should be doing? > > thanks for any inputs. > > |
| My System Specs |
|
09-29-2007
| #3 (permalink) |
| | RE: Disable UAC prompts for *specific* applications "rdilipk@xxxxxx" wrote: Quote: > > Short of using TweakUAC, is there a way to selectively turn off the > UAC elevation prompts **specifically** for a given application? > > Our application is going to run under an account that will have both > standard and admin access privileges. There may be situations when > the Vista box may undergo an unattended reboot. When the machine > comes back on: > > * How does one log a user back in transparently without any manual > intervention? > * After such login in complete a Start menu script will launch our > application but since it will be unattended there will be no one to > consent to the elevation prompt. Is there a way to avoid popping it > for our application alone? > > I read somewhere that signing an executable can allow Vista to elevate > its privileges silently. Is that what I should be doing? > > thanks for any inputs. If you could do that then any malware writer could do it also. The app needs to be coded correctly. Quote: > > |
| My System Specs |
|
09-29-2007
| #4 (permalink) |
| | RE: Disable UAC prompts for *specific* applications You can have UAC automatically elevate administrator's privilege level for all processes by making the adjustments described here: User Account Control (UAC) - Elevate Privilege Level "bp" wrote: Quote: > > > "rdilipk@xxxxxx" wrote: > Quote: > > > > Short of using TweakUAC, is there a way to selectively turn off the > > UAC elevation prompts **specifically** for a given application? > > > > Our application is going to run under an account that will have both > > standard and admin access privileges. There may be situations when > > the Vista box may undergo an unattended reboot. When the machine > > comes back on: > > > > * How does one log a user back in transparently without any manual > > intervention? > > * After such login in complete a Start menu script will launch our > > application but since it will be unattended there will be no one to > > consent to the elevation prompt. Is there a way to avoid popping it > > for our application alone? > > > > I read somewhere that signing an executable can allow Vista to elevate > > its privileges silently. Is that what I should be doing? > > > > thanks for any inputs. > Here is a thought. > If you could do that then any malware writer could do it also. > > The app needs to be coded correctly. Quote: > > > > |
| My System Specs |
|
09-29-2007
| #5 (permalink) |
| | RE: Disable UAC prompts for *specific* applications Also, you can set up for automatic logon without user name or password as described here: Logon Automatically "uvbogden" wrote: Quote: > You can have UAC automatically elevate administrator's privilege level for > all processes by making the adjustments described here: > > User Account Control (UAC) - Elevate Privilege Level > > > "bp" wrote: > Quote: > > > > > > "rdilipk@xxxxxx" wrote: > > Quote: > > > > > > Short of using TweakUAC, is there a way to selectively turn off the > > > UAC elevation prompts **specifically** for a given application? > > > > > > Our application is going to run under an account that will have both > > > standard and admin access privileges. There may be situations when > > > the Vista box may undergo an unattended reboot. When the machine > > > comes back on: > > > > > > * How does one log a user back in transparently without any manual > > > intervention? > > > * After such login in complete a Start menu script will launch our > > > application but since it will be unattended there will be no one to > > > consent to the elevation prompt. Is there a way to avoid popping it > > > for our application alone? > > > > > > I read somewhere that signing an executable can allow Vista to elevate > > > its privileges silently. Is that what I should be doing? > > > > > > thanks for any inputs. > > Here is a thought. > > If you could do that then any malware writer could do it also. > > > > The app needs to be coded correctly. Quote: > > > > > > |
| My System Specs |
|
09-30-2007
| #6 (permalink) |
| | Re: Disable UAC prompts for *specific* applications "bp" <bp@xxxxxx> wrote: Quote: > "rdilipk@xxxxxx" wrote: Quote: Quote: >> Short of using TweakUAC, is there a way to selectively turn off the >> UAC elevation prompts **specifically** for a given application? >> Quote: Quote: >> >> I read somewhere that signing an executable can allow Vista to elevate >> its privileges silently. Is that what I should be doing? presentation) suggested that MS *might* provide a mechanism to allow an enterprise to configure its machinines so that applications signed with a specific certificate (not one from Microsoft or any other outside certificate authority) could be silently given elevated rights. This was explicitly stated as a "maybe" and not something about which the MS employee had firm knowledge. I've seen nothing about this in the SP1 documentation or from any other source. Quote: > Here is a thought. > If you could do that then any malware writer could do it also. Although the OP's question involved signing, several people have suggested using a whitelist. If it's a whitelist by filename ("automatically elevate privileges if requested by "foobar.exe") then you've got an open invitation to the world to introduce an infected copy of "foobar.exe" and take over your computer. A slightly more secure mechanism would be to specify the fully-qualified path to the module to be silently given elevated privileges, plus a crypto hash of its content. This leaves, however, the question of how entries are made in the whitelist. If you do employ signed modules as your control, the test cannot be merely "is the module signed;" it must include some mechanism to ensure that the module is authorized by the owner of the computer to receive the silent UAC elevation treatment. Recall that signing a piece of code provides identification but says absolutely nothing about the correctness of the code or whether it represents a security threat. My argument to MS has been that if an enterprise has tested a module and is willing to declare it safe, MS has no business requiring that the end user -- who is typically clueless about the security status of modules distributed by the IT staff -- make the decision to permit or deny elevated rights via UAC. A proposed solution would be to allow the enterprise to configure Vista so that modules signed by a valid enterprise-issued certificate (which should be chained from a root certificate NOT, repeat NOT, provided in Vista by Microsoft) would be silently elevated. This puts control of the feature in the hands of the enterprise (and not in the hands of either Microsoft or a third-party software supplier), and takes the decision-making responsibility out of the end user's hands while retaining the long-overdue improvement in security that UAC provides. Joe Morris |
| My System Specs |
|
09-30-2007
| #7 (permalink) |
| | Re: Disable UAC prompts for *specific* applications These links might be somewhat informative: http://msdn.microsoft.com/library/de...us/dnlong/html /appcomp.asp http://msdn.microsoft.com/windowsvis...pull=/library/ en-us/dnlong/html/AccProtVista.asp http://technet2.microsoft.com/Window...-2b2f-422c-b70 e-b18ff918c2811033.mspx If I remember correctly, you can ask for admin-level running by using a manifest, but then it still uses an admin approval prompt. Quote: > > Short of using TweakUAC, is there a way to selectively turn off the > UAC elevation prompts **specifically** for a given application? > > Our application is going to run under an account that will have both > standard and admin access privileges. There may be situations when > the Vista box may undergo an unattended reboot. When the machine > comes back on: > > * How does one log a user back in transparently without any manual > intervention? > * After such login in complete a Start menu script will launch our > application but since it will be unattended there will be no one to > consent to the elevation prompt. Is there a way to avoid popping it > for our application alone? > > I read somewhere that signing an executable can allow Vista to elevate > its privileges silently. Is that what I should be doing? > > thanks for any inputs. > |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Disable UAC prompt for specific applications | Vista General | |||
| disable the UAC elevation prompts | Vista file management | |||
| Several applications are trying to access the internet to specific ip address in vista only! ref/eDN3072784783 | Vista General | |||
| Disable UAC prompts for *specific* applications | Vista account administration | |||
| Several applications are trying to access the internet to specific ip address 10.0.0.138 & 224.0.0.2, while ARE NOT internet applications! ref/eDN3072784783 | Vista General | |||
