Documenting the command line that UAC attempts to launch

Guest

Is there a way to set UAC to capture or log the entire command line of a
program including all switches that is requesting elevation? I have an
unknown potentially suspicious program that is requesting elevation and I am
unable to see the entire command line or path to the binary to investigate
it. To be safe, I have declined running the program, and briefly examined
the Windows event logs but have not been able to find the details I am
looking for.
As a temporary work-around, I am going to connect via remote desktop to
take a screenshot of the UAC prompt, but this only gives me part of the
command since the display dialog cuts off the text.
 
Mark Blain

Is there a way to set UAC to capture or log the entire command line of a
program including all switches that is requesting elevation? I have
an unknown potentially suspicious program that is requesting elevation
and I am unable to see the entire command line or path to the binary
to investigate it. To be safe, I have declined running the program,
and briefly examined the Windows event logs but have not been able to
find the details I am looking for.
As a temporary work-around, I am going to connect via remote desktop to
take a screenshot of the UAC prompt, but this only gives me part of
the command since the display dialog cuts off the text.

Darned good question. I'm hoping someone else will explain how to add
**auditing** for UAC elevation prompts to the Vista event log.
In the meantime:

There are utilities that let you grab text from most dialog boxes.
Try SysExporter.
<http://www.raymond.cc/blog/archives...or-messages-from-any-dialog-boxes-in-windows/>
I don't know if it works with the UAC prompt. Hint: turn on every
option under "Filter", click an item in the list, and the associated
text is displayed underneath.
 
Robinson Zhang [MSFT]

Hi,

Based on my knowledge, we cannot set UAC to capture or log your request.
However, I hope Standard User Analyzer can help you. Standard User Analyzer
(SUA) tool enables you to test your applications to detect potential
compatibility issues due to the User Account Control (UAC) feature.

For more information, please refer to the following links:

Standard User Analyzer Technical Reference
http://technet.microsoft.com/en-us/library/cc765948(WS.10).aspx

Microsoft Application Compatibility Toolkit 5.5
http://www.microsoft.com/downloads/details.aspx?FamilyID=24DA89E9-B581-47B0-B45E-492DD6DA2971&displaylang=en

Thanks.

Best regards,

Robinson Zhang
Microsoft Online Support
 
FromTheRafters

Is there a way to set UAC to capture or log the entire command line
of a program including all switches that is requesting elevation? I
have an unknown potentially suspicious program that is requesting
elevation and I am unable to see the entire command line or path to
the binary to investigate it. To be safe, I have declined running the
program, and briefly examined the Windows event logs but have not been
able to find the details I am looking for.
As a temporary work-around, I am going to connect via remote
desktop to take a screenshot of the UAC prompt, but this only gives me
part of the command since the display dialog cuts off the text.

You might look into having the prompt not displayed on the secure
desktop, and then seeing if it acts differently on the user's desktop.
 
Robinson Zhang [MSFT]

Hi,

I am currently standing by for an update from you and would like to know
how things are going. If you have any questions or concerns on the recent
information I've provided you, please don't hesitate to let me know.

Best regards,

Robinson Zhang
Microsoft Online Support
 
Guest

Sorry for the delay in responding, Robinson Zhang. It looks like UAC
doesn't have the logging features I need, so it looks like I'll need to use
one of the Sysinternals tools instead to try and capture the program syntax.
 
Robinson Zhang [MSFT]

Hi,

Thank you for your reply and I understand you will use a Sysinternals tool as
a workaround to your problem. Regarding the UAC logging features, I will
add it as a feature request to Microsoft's database. Thank you for your
effort on the issue.

If you have any other questions or concerns, please do not hesitate to
contact us. It is always our pleasure to be of assistance.

Have a nice day.

Robinson Zhang
Microsoft Online Support
 