16

I need one of my .exe to always run as administrator without UAC prompt. My program will be installed with setup, which will have for one time admin rights, and I need to perform such step in this setup that my exe will be always executed as admin without UAC prompt.

I've found 2 solutions so far:

1. Use custom service, which will elevate the program for me.

2. Use Task Scheduler.

Is there any other solution? Some manifest probably?

Thanks.

Improve this question
1
  • 2
    You could contact MSFT and ask for your app to be put in a special "UAC exclusion list". Not so sure that will work out, they don't put their own programs on that list. Yes, scheduled task, it takes admin privs to add it.
    – Hans Passant
    Commented Mar 21, 2010 at 22:31

2 Answers 2

Reset to default
29

If it were possible to do this, then UAC would be completely ineffective. The inability of applications to elevate themselves without user consent is the fundamental principle behind UAC.

Aside from already having an elevated process that launches it (i.e. service or task scheduler), the answer is no, it can't be done.

Improve this answer
13
  • 9
    Sounds like someone wants to write a virus.
    – Karl
    Commented Mar 21, 2010 at 20:49
  • 4
    @Karl: I don't presume to know his motivation - lots of legitimate software products try to do similarly obnoxious things that Windows explicitly prohibits, like steal focus or install shortcuts in the Quick Launch. Of course, such programs usually crash and burn when there's anything "non-standard" about the installation like directory structure or language.
    – Aaronaught
    Commented Mar 21, 2010 at 20:57
  • 7
    No I don't want to write a virus :-D I need elevated application since I'm writing automation application which will send clicks to apps, and I need admin rights if I want to click in elevated processes. But I don't want to bother the user with prompts. I've solved it using the service, which gets installed with the setup, hovewer I would like some more elegant solution not requiring service, because service adds additional complexity to the program.
    – Paya
    Commented Mar 21, 2010 at 21:01
  • 1
    @Aaronaught: Well I don't want the app to elevate itself or break any UAC rules, I just need the setup to perform such steps, that the app will get always elevated. The setup will be elevated, so it CAN perform such steps, as installing the service or using task scheduler. I'm just looking for other solutions...
    – Paya
    Commented Mar 21, 2010 at 21:08
  • 2
    @tyranid: I dislike A/V products intensely, and not for only that reason, but I think we're getting a little off-topic here. When you install an A/V product, you expect it to run as a service with local system privileges; however, you don't expect an application to sneak a service onto your system in order to bypass the UAC prompt when running with elevated privileges. That's distinctly malware-like behaviour, which again, might make sense in a locked-down corporate environment but would almost certainly be unacceptable for a retail application.
    – Aaronaught
    Commented Mar 22, 2010 at 2:39
10

Of course what you are supposed to do if you want to just drive UI is to use the UI access flag in your manifest (see http://msdn.microsoft.com/en-us/library/ms742884.aspx). If you install your application in a trusted location (e.g. system32) and it is signed (bleh!) then when you run your application it will be elevated to high (for an admin account).

The signing requirement makes it slightly annoying but at least it reduces slightly the attack surface as your code gets run with high integrity but not with an administrator token.

Improve this answer
2
  • Thank you very much. This looks very interesting. I would sign my app anyway in the future. And if I would get higher integrity level without admin token, that's exactly what I need.
    – Paya
    Commented Mar 21, 2010 at 23:14
  • BTW I've found very cheap COMODO certificates here: secure.ksoftware.net/code_signing.html
    – Paya
    Commented Mar 22, 2010 at 13:33

Not the answer you're looking for? Browse other questions tagged or ask your own question.