"Marc" <Marc@discussions.microsoft.com> wrote in message
> The company I work for is developing a product that will auto launch a
> application (necessary for the usage of the product) when plugged into a
> port. The application (an .exe file) resides on the device itself, and
> Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
> Unfortunately, the way the product was developed, you have to be a local
> administrator on the machine in order for it to work, at least for Windows
> 2000 and XP. When it comes to Vista, it seems being a local administrator
> isn't enough, because for some reason the program still doesn't run with
> administrative privileges and the end user receives an error. A
> I've discovered is to browse to the application .exe file and right click
> it and choose "run as administrator" (I'm then prompted with the UAC
> allow/deny - but at least when I choose allow it work) but its annoying to
> ask the end users to do this each and every time. Additionally, because
> set to auto-run, the program launches of the device each time its plugged
> and gives the user the administrative rights error. I've tried setting
> application .exe file on the device to always run as an administrator, but
> for some reason when I do this and then next plug the device in, I get
> in a UAC allow/deny loop. If I copy the application .exe file to the
> computer and set it to always run as an administrator, it works with only
> UAC allow/deny prompt, so I'm not sure why its looping when its set to
> run as administrator on the device itself. I'm looking for some sort of
> work-around that doesn't require the end user to disable UAC and will
> hopefully allow the end user to either go through one set of steps
> and have it always work after that, or at least get a way to have it so
> initially the program doesn't launch in standard mode when plugged in and
> give the user the administrative error. Any help is greatly appreciated.
> you have any questions, please feel free to ask. Thanks.
With UAC enabled even the administrator account has a "filtered" user token.
The effect of this filtering is that all but five user rights are unavailble
unless the user "elevates" the process in some manner to enable the full
privileges of the account. In your case, you right-clicked on the file and
chose "Run as Administrator" and you were then presented with the UAC
elevation prompt. This allowed the application to run underneath the full
credentials of the Administrator.
There are several methods that you can use to require the user to elevate a
process. Perhaps the easiest in your case would be to include a manifest
file with a trustInfo node and a requestedExecutionLevel equal to
requireAdministrator. This would automatically show the elevation prompt
when the program is started if running under UAC.
For more information, see:
Ultimately, you need to determine exactly whay and what privileges your
application is requesting and determine whether it truly needs them or not.
If not, you will need to modify your code so that you can remove the
elevation requirement from your product.