I have a binary which creates and later removes entries from Program and Features (also comes up in Add/Remove Programs). While I can get UAC permissions when creating the entries, my requirements do not allow me to show a UAC prompt when I need to remove the entries. This makes sense as you should need admin permissions when deleting registry entries from HKLM.
But I have noticed that I am able to uninstall the entries from the Program and Features window without a UAC prompt. How is uninstalling from there, which invokes my binary anyways, different from me invoking my binary directly? Is there some way I can run my binary the same way and avoid the UAC prompt?
By default, UAC gives special treatment to the built-in Windows control panels, allowing them to silently elevate. Because of this, when your uninstaller is launched from Programs and Features it is already elevated and does not need to prompt.
There is no way to make Windows treat a third-party application in the same way, although the user can change the settings so that all applications elevate silently - or, conversely, so that control panels don't elevate silently.
Related
When users try to uninstall their own single user installation (for example installed using lowestprivileges none and HKCU entries) with 'Add/Remove Programs' in the Control Panel, everything works fine (that is, non-admin users can uninstall their own non-admin installation).
However the uninstaller will be elevated, when users start it from 'Apps & features' (Windows 10).
This seems to be a known Windows 10 bug:
How to prevent uninstaller elevating for Standard Windows 10 user?
Is there a way to work-around this issue when the Inno Setup uninstaller is started from 'Apps & features'?
Link this NSIS Workaround for Windows uninstaller elevation bug.
You will have to do exactly what that NSIS hack does.
Find out what is the Windows GUI user (and assume that you should uninstall as that user). Alternatively, you can store the username into some file in the installation folder.
Re-execute the installer as that user. That hack uses StdUtils NSIS plug-in with its ExecShellAsUser function. Maybe the DLL can be used from Inno Setup. If not, you can at least reuse its code.
All this is imo to much to ask in a single question. If you have specific problems, consider asking more specific questions.
Simpler alternative would be to prevent the uninstallation, when executed as different user, and show a suggestion to the user to go to Control panel instead.
For a similar question, see Uninstaller trouble with standard Windows user.
We have an ancient win32 product that some customers still want to run in Windows 10, but in some cases several of its components (win32 executables) produce said message when run, while installing and after installing :
"Do you want to allow this app/program to make changes in your PC".
Is there any documentation of what Windows checks to emit the message ?
The message you're seeing is the UAC prompt, and it appears because Windows thinks the program wants admin privileges.
Ancient programs don't have manifests. Modern versions of Windows guess at whether really old programs require admin privileges. If the name of the program sounds like it would be an installer (e.g., setupfoo.exe), it will assume the program needs admin.
But many really old programs, even if they're not installers, often want admin privileges because they often try to do things like save files in the program's installation directory or change machine-wide registry values. If Windows detects a program attempting this and failing because it doesn't have admin privs, it might adjust the program's compatibility options so that next time it runs as an administrator. To check this, right-click on the executable file, choose Properties, and select the Compatibility tab. There you'll find a checkbox named "Run this program as an administrator."
To check if your program has a manifest, open the .EXE in Visual Studio (with just the regular open file command), or other resource viewer/editor tool, and look in the resources to see if it has an RT_MANIFEST resource.
If there is no manifest and the program is well-behaved, you can add one that sets the <requestedExecutionLevel> node to asInvoker.
If it has a manifest, look at the <requestedExecutionLevel> node in the XML. If it's there and it says requiresAdministrator, then there's probably nothing you can do. If it already says asInvoker, then something else is going wrong.
To provide or replace the manifest you have two options. You can create an external manifest file and place it in the same folder with the executable (for some versions of Windows, you also have to tell Windows to rely on the external manifest by changing a registry value).
Alternatively, you can use the manifest tool (mt.exe, which comes with Visual Studio) to embed an appropriate manifest in the executable itself (make a backup of the executable first!). In either case, you want to set the <requestedExecutionLevel> node to asInvoker to avoid the UAC prompt.
Note that, if the program really does need admin privileges, then providing a manifest that says it doesn't will cause the program to fail certain operations. The program might crash, or it might appear to work but silently fail to do something important (like saving your work).
Also note that manifests control other important things that you may have to get right, like marking whether the application is DPI-aware or what Windows versions it supports. So, if you try to add a manifest just to add asInvoker, you might also have to add some other important values. MSDN has lots of documentation on manifests and the manifest tool.
My MFC app usually runs with admin rights, however, there is one operation which needs admin privileges (activation of the software where the status must be saved to HKLM).
For now, I created two .exe files: The ordinary app and "Activation.exe" which must run as admin and has requestedExecutionLevel=requireAdministrator in the Manifest. The activation is started with a button which makes ShellExecute(Activation.exe).
However, both applications share lots of code so I would like to merge the two exe into one exe. But how do I make sure then that specific parts of the code are executed with admin privileges? This method should/must be compatible down to NT4.
One idea is to integrate the functionality of Activation.exe in the main exe using a switch (e.g. "myapp.exe -activate"). A small bootstrapper makes sure that it can only run as admin (requireAdministrator in Manifest) and does nothing more than ShellExec(myapp.exe -activate). But is this really the best way?
I don't know if it's the best way (no-one answered) but I did that now :) The bootstrapper has just requireAdministrator in the Manifest and does a ShellExecute to the main executeable with switch "/Activate" ...
I would typically use a call to ShellExecuteEx with a verb of runas to launch any executable as administrator, even if it's manifested asInvoker.
Note that on systems where UAC has been disabled, the resulting launch may not receive administrator privileges; I believe this caveat also applies to the approach of launching an exe manifested requireAdministrator.
Firstly I want to emphasize that I'm not trying to do anything "nasty" or "hackerish", nor am I trying to hide anything from user here.
During installations (using InstallShield LE) of my application user is prompted by Windows UAC to allow it to run in Administrator mode; If user accepts it - installation continues (standard behavior) and user again can check the option to add this program to autorun list (by adding a registry key to HKLM/../Run). All is fine and normal. But after every Windows restart, when this application starts, UAC kicks in and asks for user permission. Question is, how to avoid it, since it's a bit annoying (yet my app needs Administrator privileges to run)?
I mean user already granted such permissions on installation, so I cannot see a reason why it needs to be prompted on every startup? Moreover, I believe most antivirus software and such, also require elevated permissions to operate, but UAC doesn't prompt for it at Windows Startup.
Thank you for any advises, information, comments or solutions.
Does your application really need to start elevated? Or will it need to elevated access later when the user uses it to perform an action? If you can, drop the later admin task into a separate exe, allowing the main exe to start with no elevation - when you shellexecute the worker process later it will UAC on demand.
At install time, as you have noted, you have elevated the installer. If you want to run elevated code on subsequent runs, automatically, this is the point to install a service - which is what all those other apps you mentioned do.
You can't get around UAC for a process started in an interactive session. You could use a service running as a privileged user but you would be far better off finding a way to do whatever you do without requiring admin rights.
It's not possible for a program to run elevated without prompting. What you want to do is factor those portions of your application that need elevation into a windows service that runs as system. Then your autostarting application can make remoting calls to the service to delgate those activities that the user can't do without elevating.
Not done it but I found this article Selectively disable UAC for your trusted Vista applications that says use 'Application Compatibility Toolkit' from microsoft.
The Compatibility Administrator allows you to create a database of
compatibility fixes that will allow you to run certain applications
without an accompanying UAC.
Run the Compatibility Administrator as admin
select a new database template
Click the Fix button on the toolbar. When you see the Create New Application Fix wizard ... enter details about your app
Select a Compatibility Level
Select RunAsInvoker as the fix
It seems that the last one
Selecting the RunAsInvoker option will allow the application to launch
without requiring the UAC prompt.
Should do what you want provided that the invoker is admin and I think you can do this at start up using the scheduler : Create Administrator Mode Shortcuts Without UAC Prompts in Windows 7 or Vista
As you can see it runs your app in the compatibility mode which may or may not be acceptable for you.
I'm marking this as a community wiki because I'm not really looking for one complete answer. So if you feel like posting one or two things that will activate the UAC prompt instead of a comprehensive list then go ahead.
What actions in Windows will activate UAC? I'd like to avoid it as much as possible because my application doesn't need admin privileges. And I'm sure many other people want to avoid it.
Specifically, I would like to know if reading from the registry would activate it. Or writing to it?
You don't need to address the above question, just anything that will activate it is fair game.
It's really hard to Google anything about UAC because you get bombarded with articles about how to disable it. And I'd rather not have my application make the assumption UAC is disabled.
Nothing "activates" UAC.
If your application would fail to run as a standard user under Windows XP it will fail to run under Windows Vista or Windows 7 as a standard user.
What you are really asking is: what actions can a standard user not perform under Windows?
The things a standard user cannot do are pretty well known (they've been the same since Windows 2000). The main ones are:
modify anything in HKEY_LOCAL_MACHINE
modify anything in the Windows directory
modify anything in the Program Files folder
If you try to do any of those they will fail on:
Windows 2000
Windows XP
Windows Vista
Windows 7
Nobody should have been running as an administrator for day-to-day computer use. If your application did any of those bad things in Windows XP it would fail. The user would have to:
logon (or fast user switch) to an administrator
perform the administrative task
switch back to their real account
UAC is a convience mechanism, allowing you to easily temporarily switch to an administrator. Nothing you do will "trigger" it; you have to make it happen.
If you know your code needs to modify a file in C:\Program Files\My App\Data, then you should add a button on your form that will trigger the elevation.
You then need to launch an (elevated) copy of your program, do the thing, and close.
I created a launch4j installer (an exe-wrapper for java programs) and named it "MyApp.exe". It doesn't need any admin authentication. It just runs fine without any UAC prompt.
BUT: If I rename this installer to "install.exe" or "setup.exe", the UAC icon appears and I get a UAC promp when starting the installer.
Seems as if there are some "reserved words" in filenames that cause windows to start a program with elevated rights (UAC).