Vista UAC interfering with operation of program

[Guest]

Hi,

The company I work for is developing a product that will auto launch a small
application (necessary for the usage of the product) when plugged into a USB
port. The application (an .exe file) resides on the device itself, and
Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
Unfortunately, the way the product was developed, you have to be a local
administrator on the machine in order for it to work, at least for Windows
2000 and XP. When it comes to Vista, it seems being a local administrator
isn't enough, because for some reason the program still doesn't run with
administrative privileges and the end user receives an error. A work-around
I've discovered is to browse to the application .exe file and right click on
it and choose "run as administrator" (I'm then prompted with the UAC
allow/deny - but at least when I choose allow it work) but its annoying to
ask the end users to do this each and every time. Additionally, because its
set to auto-run, the program launches of the device each time its plugged in
and gives the user the administrative rights error. I've tried setting the
application .exe file on the device to always run as an administrator, but
for some reason when I do this and then next plug the device in, I get stuck
in a UAC allow/deny loop. If I copy the application .exe file to the
computer and set it to always run as an administrator, it works with only one
UAC allow/deny prompt, so I'm not sure why its looping when its set to always
run as administrator on the device itself. I'm looking for some sort of
work-around that doesn't require the end user to disable UAC and will
hopefully allow the end user to either go through one set of steps initially
and have it always work after that, or at least get a way to have it so that
initially the program doesn't launch in standard mode when plugged in and
give the user the administrative error. Any help is greatly appreciated. If
you have any questions, please feel free to ask. Thanks.

- Marc

 

[Pete Delgado]

Hi,

The company I work for is developing a product that will auto launch a
small
application (necessary for the usage of the product) when plugged into a
USB
port. The application (an .exe file) resides on the device itself, and
Windows recognizes the device as a USB Mass Storage Device / CD-ROM.
Unfortunately, the way the product was developed, you have to be a local
administrator on the machine in order for it to work, at least for Windows
2000 and XP. When it comes to Vista, it seems being a local administrator
isn't enough, because for some reason the program still doesn't run with
administrative privileges and the end user receives an error. A
work-around
I've discovered is to browse to the application .exe file and right click
on
it and choose "run as administrator" (I'm then prompted with the UAC
allow/deny - but at least when I choose allow it work) but its annoying to
ask the end users to do this each and every time. Additionally, because
its
set to auto-run, the program launches of the device each time its plugged
in
and gives the user the administrative rights error. I've tried setting
the
application .exe file on the device to always run as an administrator, but
for some reason when I do this and then next plug the device in, I get
stuck
in a UAC allow/deny loop. If I copy the application .exe file to the
computer and set it to always run as an administrator, it works with only
one
UAC allow/deny prompt, so I'm not sure why its looping when its set to
always
run as administrator on the device itself. I'm looking for some sort of
work-around that doesn't require the end user to disable UAC and will
hopefully allow the end user to either go through one set of steps
initially
and have it always work after that, or at least get a way to have it so
that
initially the program doesn't launch in standard mode when plugged in and
give the user the administrative error. Any help is greatly appreciated.
If
you have any questions, please feel free to ask. Thanks.

With UAC enabled even the administrator account has a "filtered" user token.
The effect of this filtering is that all but five user rights are unavailble
unless the user "elevates" the process in some manner to enable the full
privileges of the account. In your case, you right-clicked on the file and
chose "Run as Administrator" and you were then presented with the UAC
elevation prompt. This allowed the application to run underneath the full
credentials of the Administrator.

There are several methods that you can use to require the user to elevate a
process. Perhaps the easiest in your case would be to include a manifest
file with a trustInfo node and a requestedExecutionLevel equal to
requireAdministrator. This would automatically show the elevation prompt
when the program is started if running under UAC.

For more information, see:
http://weblogs.asp.net/kennykerr/ar...1320_-Part-4-_1320_-User-Account-Control.aspx

Ultimately, you need to determine exactly whay and what privileges your
application is requesting and determine whether it truly needs them or not.
If not, you will need to modify your code so that you can remove the
elevation requirement from your product.

-Pete

 

[Guest]

Pete,

Thanks for the reply. I'm going to forward your suggestion to our
developers (regarding including a manifest file with a trustInfo node and a
requestedExecutionLevel equal to requireAdministrator). So basically if this
was done, everytime the program was started it would automatically be
elevated to administrative privileges and the UAC prompt would pop up?

Also, if this was done to the program, would it lose its backwards
compatibility to WinXP and Win2000?

Thanks again!

- Marc

 

[Guest]

Pete,

Thanks for the reply. I'm going to forward your suggestion to our
developers (regarding including a manifest file with a trustInfo node and a
requestedExecutionLevel equal to requireAdministrator). So basically if this
was done, everytime the program was started it would automatically be
elevated to administrative privileges and the UAC prompt would pop up?

Also, if this was done to the program, would it lose its backwards
compatibility to WinXP and Win2000?

Thanks again!

- Marc

 

[Pete Delgado]

Pete,

Thanks for the reply. I'm going to forward your suggestion to our
developers (regarding including a manifest file with a trustInfo node and
a
requestedExecutionLevel equal to requireAdministrator). So basically if
this
was done, everytime the program was started it would automatically be
elevated to administrative privileges and the UAC prompt would pop up?

Yes. However, depending upon your situation you may also wish to sign your
executable.

Also, if this was done to the program, would it lose its backwards
compatibility to WinXP and Win2000?

No. The trustInfo section of the manifest is ignored by previous operating
systems except for the following case:

http://support.microsoft.com/Default.aspx?kbid=921337

Thanks again!

No problem.

-Pete

 

[Guest]

Thanks again for all the help. Is there any way we can avoid changing the
software, but rather make a setting change, etc. to Windows Vista (aside from
disabling UAC altogether) that would allow the software to run correctly when
it is first plugged in and auto-launched via auto-play. I've tried checking
the box under the properties for the .exe application to "always run this
program as an administrator" but this just creates a UAC elevation prompt
loop. Any help is greatly appreciated. Thanks.

 

[Seth]

Thanks again for all the help. Is there any way we can avoid changing the
software, but rather make a setting change, etc. to Windows Vista (aside
from
disabling UAC altogether) that would allow the software to run correctly
when
it is first plugged in and auto-launched via auto-play. I've tried
checking
the box under the properties for the .exe application to "always run this
program as an administrator" but this just creates a UAC elevation prompt
loop. Any help is greatly appreciated. Thanks.

You might look into making a custom "shim" to act as a wrapper around your
app.

But the proper answer is to modify the app to be Vista compliant.

 

[Pete Delgado]

Thanks again for all the help. Is there any way we can avoid changing the
software, but rather make a setting change, etc. to Windows Vista (aside
from
disabling UAC altogether) that would allow the software to run correctly
when
it is first plugged in and auto-launched via auto-play. I've tried
checking
the box under the properties for the .exe application to "always run this
program as an administrator" but this just creates a UAC elevation prompt
loop. Any help is greatly appreciated. Thanks.

I don't *think* so. There are a variety of things that you may be able to
try programmatically, but ultimately it will come down to the fact that it
would be a huge security risk to allow an arbitrary program to run from a
removable disk on connection. If you recall, this is how many viruses were
transmitted via floppy drive.

-Pete