Windows Vista Forums

Vista UAC interfering with operation of program

  1. #1


    Marc Guest

    Vista UAC interfering with operation of program

    Hi,

    The company I work for is developing a product that will auto launch a small
    application (necessary for the usage of the product) when plugged into a USB
    port. The application (an .exe file) resides on the device itself, and
    Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
    Unfortunately, the way the product was developed, you have to be a local
    administrator on the machine in order for it to work, at least for Windows
    2000 and XP. When it comes to Vista, it seems being a local administrator
    isn't enough, because for some reason the program still doesn't run with
    administrative privileges and the end user receives an error. A work-around
    I've discovered is to browse to the application .exe file and right click on
    it and choose "run as administrator" (I'm then prompted with the UAC
    allow/deny - but at least when I choose allow it work) but its annoying to
    ask the end users to do this each and every time. Additionally, because its
    set to auto-run, the program launches of the device each time its plugged in
    and gives the user the administrative rights error. I've tried setting the
    application .exe file on the device to always run as an administrator, but
    for some reason when I do this and then next plug the device in, I get stuck
    in a UAC allow/deny loop. If I copy the application .exe file to the
    computer and set it to always run as an administrator, it works with only one
    UAC allow/deny prompt, so I'm not sure why its looping when its set to always
    run as administrator on the device itself. I'm looking for some sort of
    work-around that doesn't require the end user to disable UAC and will
    hopefully allow the end user to either go through one set of steps initially
    and have it always work after that, or at least get a way to have it so that
    initially the program doesn't launch in standard mode when plugged in and
    give the user the administrative error. Any help is greatly appreciated. If
    you have any questions, please feel free to ask. Thanks.

    - Marc

      My System SpecsSystem Spec

  2.   


  3. #2


    Pete Delgado Guest

    Re: Vista UAC interfering with operation of program


    "Marc" <Marc@discussions.microsoft.com> wrote in message
    news:E1A839E1-047F-44A0-B0DA-0413B56BAEB0@microsoft.com...
    > Hi,
    >
    > The company I work for is developing a product that will auto launch a
    > small
    > application (necessary for the usage of the product) when plugged into a
    > USB
    > port. The application (an .exe file) resides on the device itself, and
    > Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
    > Unfortunately, the way the product was developed, you have to be a local
    > administrator on the machine in order for it to work, at least for Windows
    > 2000 and XP. When it comes to Vista, it seems being a local administrator
    > isn't enough, because for some reason the program still doesn't run with
    > administrative privileges and the end user receives an error. A
    > work-around
    > I've discovered is to browse to the application .exe file and right click
    > on
    > it and choose "run as administrator" (I'm then prompted with the UAC
    > allow/deny - but at least when I choose allow it work) but its annoying to
    > ask the end users to do this each and every time. Additionally, because
    > its
    > set to auto-run, the program launches of the device each time its plugged
    > in
    > and gives the user the administrative rights error. I've tried setting
    > the
    > application .exe file on the device to always run as an administrator, but
    > for some reason when I do this and then next plug the device in, I get
    > stuck
    > in a UAC allow/deny loop. If I copy the application .exe file to the
    > computer and set it to always run as an administrator, it works with only
    > one
    > UAC allow/deny prompt, so I'm not sure why its looping when its set to
    > always
    > run as administrator on the device itself. I'm looking for some sort of
    > work-around that doesn't require the end user to disable UAC and will
    > hopefully allow the end user to either go through one set of steps
    > initially
    > and have it always work after that, or at least get a way to have it so
    > that
    > initially the program doesn't launch in standard mode when plugged in and
    > give the user the administrative error. Any help is greatly appreciated.
    > If
    > you have any questions, please feel free to ask. Thanks.


    With UAC enabled even the administrator account has a "filtered" user token.
    The effect of this filtering is that all but five user rights are unavailble
    unless the user "elevates" the process in some manner to enable the full
    privileges of the account. In your case, you right-clicked on the file and
    chose "Run as Administrator" and you were then presented with the UAC
    elevation prompt. This allowed the application to run underneath the full
    credentials of the Administrator.

    There are several methods that you can use to require the user to elevate a
    process. Perhaps the easiest in your case would be to include a manifest
    file with a trustInfo node and a requestedExecutionLevel equal to
    requireAdministrator. This would automatically show the elevation prompt
    when the program is started if running under UAC.

    For more information, see:
    http://weblogs.asp.net/kennykerr/arc...t-Control.aspx

    Ultimately, you need to determine exactly whay and what privileges your
    application is requesting and determine whether it truly needs them or not.
    If not, you will need to modify your code so that you can remove the
    elevation requirement from your product.

    -Pete



      My System SpecsSystem Spec

  4. #3


    Marc Guest

    Re: Vista UAC interfering with operation of program

    Pete,

    Thanks for the reply. I'm going to forward your suggestion to our
    developers (regarding including a manifest file with a trustInfo node and a
    requestedExecutionLevel equal to requireAdministrator). So basically if this
    was done, everytime the program was started it would automatically be
    elevated to administrative privileges and the UAC prompt would pop up?

    Also, if this was done to the program, would it lose its backwards
    compatibility to WinXP and Win2000?

    Thanks again!

    - Marc

    "Pete Delgado" wrote:

    >
    > "Marc" <Marc@discussions.microsoft.com> wrote in message
    > news:E1A839E1-047F-44A0-B0DA-0413B56BAEB0@microsoft.com...
    > > Hi,
    > >
    > > The company I work for is developing a product that will auto launch a
    > > small
    > > application (necessary for the usage of the product) when plugged into a
    > > USB
    > > port. The application (an .exe file) resides on the device itself, and
    > > Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
    > > Unfortunately, the way the product was developed, you have to be a local
    > > administrator on the machine in order for it to work, at least for Windows
    > > 2000 and XP. When it comes to Vista, it seems being a local administrator
    > > isn't enough, because for some reason the program still doesn't run with
    > > administrative privileges and the end user receives an error. A
    > > work-around
    > > I've discovered is to browse to the application .exe file and right click
    > > on
    > > it and choose "run as administrator" (I'm then prompted with the UAC
    > > allow/deny - but at least when I choose allow it work) but its annoying to
    > > ask the end users to do this each and every time. Additionally, because
    > > its
    > > set to auto-run, the program launches of the device each time its plugged
    > > in
    > > and gives the user the administrative rights error. I've tried setting
    > > the
    > > application .exe file on the device to always run as an administrator, but
    > > for some reason when I do this and then next plug the device in, I get
    > > stuck
    > > in a UAC allow/deny loop. If I copy the application .exe file to the
    > > computer and set it to always run as an administrator, it works with only
    > > one
    > > UAC allow/deny prompt, so I'm not sure why its looping when its set to
    > > always
    > > run as administrator on the device itself. I'm looking for some sort of
    > > work-around that doesn't require the end user to disable UAC and will
    > > hopefully allow the end user to either go through one set of steps
    > > initially
    > > and have it always work after that, or at least get a way to have it so
    > > that
    > > initially the program doesn't launch in standard mode when plugged in and
    > > give the user the administrative error. Any help is greatly appreciated.
    > > If
    > > you have any questions, please feel free to ask. Thanks.

    >
    > With UAC enabled even the administrator account has a "filtered" user token.
    > The effect of this filtering is that all but five user rights are unavailble
    > unless the user "elevates" the process in some manner to enable the full
    > privileges of the account. In your case, you right-clicked on the file and
    > chose "Run as Administrator" and you were then presented with the UAC
    > elevation prompt. This allowed the application to run underneath the full
    > credentials of the Administrator.
    >
    > There are several methods that you can use to require the user to elevate a
    > process. Perhaps the easiest in your case would be to include a manifest
    > file with a trustInfo node and a requestedExecutionLevel equal to
    > requireAdministrator. This would automatically show the elevation prompt
    > when the program is started if running under UAC.
    >
    > For more information, see:
    > http://weblogs.asp.net/kennykerr/arc...t-Control.aspx
    >
    > Ultimately, you need to determine exactly whay and what privileges your
    > application is requesting and determine whether it truly needs them or not.
    > If not, you will need to modify your code so that you can remove the
    > elevation requirement from your product.
    >
    > -Pete
    >
    >
    >


      My System SpecsSystem Spec

  5. #4


    Pete Delgado Guest

    Re: Vista UAC interfering with operation of program


    "Marc" <Marc@discussions.microsoft.com> wrote in message
    news:1B8E0098-5F04-4AFD-B8EC-64EDC9C124B4@microsoft.com...
    > Pete,
    >
    > Thanks for the reply. I'm going to forward your suggestion to our
    > developers (regarding including a manifest file with a trustInfo node and
    > a
    > requestedExecutionLevel equal to requireAdministrator). So basically if
    > this
    > was done, everytime the program was started it would automatically be
    > elevated to administrative privileges and the UAC prompt would pop up?


    Yes. However, depending upon your situation you may also wish to sign your
    executable.

    >
    > Also, if this was done to the program, would it lose its backwards
    > compatibility to WinXP and Win2000?


    No. The trustInfo section of the manifest is ignored by previous operating
    systems except for the following case:

    http://support.microsoft.com/Default.aspx?kbid=921337

    >
    > Thanks again!


    No problem.

    -Pete




      My System SpecsSystem Spec

  6. #5


    Marc Guest

    Re: Vista UAC interfering with operation of program

    Thanks again for all the help. Is there any way we can avoid changing the
    software, but rather make a setting change, etc. to Windows Vista (aside from
    disabling UAC altogether) that would allow the software to run correctly when
    it is first plugged in and auto-launched via auto-play. I've tried checking
    the box under the properties for the .exe application to "always run this
    program as an administrator" but this just creates a UAC elevation prompt
    loop. Any help is greatly appreciated. Thanks.

    "Pete Delgado" wrote:

    >
    > "Marc" <Marc@discussions.microsoft.com> wrote in message
    > news:1B8E0098-5F04-4AFD-B8EC-64EDC9C124B4@microsoft.com...
    > > Pete,
    > >
    > > Thanks for the reply. I'm going to forward your suggestion to our
    > > developers (regarding including a manifest file with a trustInfo node and
    > > a
    > > requestedExecutionLevel equal to requireAdministrator). So basically if
    > > this
    > > was done, everytime the program was started it would automatically be
    > > elevated to administrative privileges and the UAC prompt would pop up?

    >
    > Yes. However, depending upon your situation you may also wish to sign your
    > executable.
    >
    > >
    > > Also, if this was done to the program, would it lose its backwards
    > > compatibility to WinXP and Win2000?

    >
    > No. The trustInfo section of the manifest is ignored by previous operating
    > systems except for the following case:
    >
    > http://support.microsoft.com/Default.aspx?kbid=921337
    >
    > >
    > > Thanks again!

    >
    > No problem.
    >
    > -Pete
    >
    >
    >
    >


      My System SpecsSystem Spec

  7. #6


    Seth Guest

    Re: Vista UAC interfering with operation of program

    "Marc" <Marc@discussions.microsoft.com> wrote in message
    news:5AA3E27F-274E-4B3A-918E-D7E1A76F34BC@microsoft.com...
    > Thanks again for all the help. Is there any way we can avoid changing the
    > software, but rather make a setting change, etc. to Windows Vista (aside
    > from
    > disabling UAC altogether) that would allow the software to run correctly
    > when
    > it is first plugged in and auto-launched via auto-play. I've tried
    > checking
    > the box under the properties for the .exe application to "always run this
    > program as an administrator" but this just creates a UAC elevation prompt
    > loop. Any help is greatly appreciated. Thanks.



    You might look into making a custom "shim" to act as a wrapper around your
    app.

    But the proper answer is to modify the app to be Vista compliant.


      My System SpecsSystem Spec

  8. #7


    Pete Delgado Guest

    Re: Vista UAC interfering with operation of program


    "Marc" <Marc@discussions.microsoft.com> wrote in message
    news:5AA3E27F-274E-4B3A-918E-D7E1A76F34BC@microsoft.com...
    > Thanks again for all the help. Is there any way we can avoid changing the
    > software, but rather make a setting change, etc. to Windows Vista (aside
    > from
    > disabling UAC altogether) that would allow the software to run correctly
    > when
    > it is first plugged in and auto-launched via auto-play. I've tried
    > checking
    > the box under the properties for the .exe application to "always run this
    > program as an administrator" but this just creates a UAC elevation prompt
    > loop. Any help is greatly appreciated. Thanks.


    I don't *think* so. There are a variety of things that you may be able to
    try programmatically, but ultimately it will come down to the fact that it
    would be a huge security risk to allow an arbitrary program to run from a
    removable disk on connection. If you recall, this is how many viruses were
    transmitted via floppy drive.

    -Pete



      My System SpecsSystem Spec


Vista UAC interfering with operation of program
Similar Threads
Thread Forum
MSN interfering with WLM Live Mail
Vista interfering with printer driver install Vista General
Media Center Interfering Vista General
Dual Boot XP/Vista - any known problems with Vista interfering with XP MBR? Vista General
Interfering once opening a game Vista Games