How to screen shot a UAC prompt? - windows

I'm trying to document a work flow with a series of screen shots. At one point in the flow, a UAC prompt appears, and I'd like to grab a bitmap of it to make my storyboard complete. Because UAC prompts are on a virtual desktop (or something like that), the usual Alt+PrintScreen doesn't work. Any suggestions?

This method using the group policy editor should do the job:
1) Run gpedit.msc 2) Under Computer
Configuration\Windows
Settings\Security Settings\Local
Policies\SecurityOptions:
Change “User Account Control: Switch
to the secure desktop when prompting
for elevation” to disabled
Undo this change after the screenshot, because it makes the system less secure!

Change your UAC settings to disable the secure desktop, and then you can take the screenshot. In Windows 7, this is one of the options on the UAC slider, in Vista, I believe you need to configure the Security Policy.
Alternatively, run Windows in a VM and take a screenshot of that.

You can also remote desktop to the Windows 7 machine and run the screenshotter (or video capture) on the other machine. I've used this very successfully.

A step by step Guide
Step 1. Right click on the Program that you want to install and choose 'Run as administrator'.
Step 2. Now when the UAC Prompt appears, click on 'Change when these notifications appear'.
Step 3. Take the security Bar one-step down. Be sure to find that 'do not dim my desktop' is in the description. Now click on 'OK'.
Click on 'yes' when the UAC ask for permission.
Step 4. Now close all UAC Prompt dialog box. Again start from the beginning. You are now able to take a screenshot of the UAC Prompt dialog box with keyboard's print screen button or ms snipping tool.
Note that it will make your system less secure. So, make the security level as previous after the completion of your need.

Alternative to Michael Goldshteyns answer
You can more quickly achieve the same by copying the first registry command below and pasting it into an elevated command prompt, then hit enter.
To turn off PromptOnSecureDesktop:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V "PromptOnSecureDesktop" /T "REG_DWORD" /D "0x00000000" /F 1>NUL
This will turn off SecureDesktop, leaving the computer vulnerable, but you will be able to screenshot the UAC prompts.
All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
To turn on PromptOnSecureDesktop:
This will turn on SecureDesktop.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V "PromptOnSecureDesktop" /T "REG_DWORD" /D "0x00000001" /F 1>NUL
All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
⚠ Important: After you are done, make sure you revert the command by turning PromptOnSecureDesktop off.

Simple method: Use windows accessory SnippingTool from MS. It just works!

Related

how to make a vbscript do something when a program is open

So What I need is for when cmd.exe is open run a MsgBox and close cmd.exe
such as:
' Code for when cmd.exe loads
MsgBox("Command Prompt Disabled")
' closes command prompt
Thanks!
I need actual code
Don't use a vbscript to do this.... use a GPO.. because if someone disables that script your security control is broken.
If you're editing for a single user/single machine...
It might be faster to write a registry vb script or batch file with your control instead of using a GPO for each user you don't want using it. Create the system key if system does not exist in the Windows Key. The Caveat, is you have other controls that won't prevent disabling this with about 5-minutes of Google Searching.
reg add "HKCU\Software\Policies\Microsoft\Windows\System"
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t REG_DWORD /v DisableCmd /d 2
Using Gpedit or OU-Level assigned policies for Non-Admins
User configuration\Administrative Templates\System\Prevent access to the command prompt
Other policies to consider adding to Non-Admin User groups.
User configuration\Administrative Templates\System\Prevent access to registry editing tools
User configuration\Administrative Templates\System\Don't run specified Windows Applications

Run Explorer as the Admin Account In the Standard User's Environment

This is more of a pet project, as I like to try my best to batch script whatever I feel like without using a 3rd party app. I understand it would be easier that way, but I want to just try this for the heck of it. I understand the basic issue might just be the way the shell executes explorer, as I know it was NOT intended to run like this.
I have a standard user account and a batch script:
#echo OFF
FOR /F "usebackq" %%i IN (`hostname`) DO SET COMPNAME=%%i
ECHO Computer %COMPNAME%
TASKKILL /F /IM explorer.exe
runas /user:"%COMPNAME%"\ADMIN "C:\Windows\System32\cmd.exe"
Echo.
Echo Press Enter once you are finished
Pause
TASKKILL /F /IM explorer.exe
explorer.exe
Exit
Basically each computer's name is the hostname of the computer, so I created a variable to process that. Then I have it kill explorer, then run CMD as the admin account. (I can replace this with Explorer as well.) Then when CMD opens I type explorer.exe and it opens the admin account with full access. The script runs fine, no issues at all with the script. But in regards to the environment, there are 2 issues I am running into.
Windows 7 everything works fine, every program I open is ADMIN, even the start menu user profile title at the top right of the start menu says ADMIN, until I open Administrative tools, then every application I open from there uses the standard user, such as computer management. I assume explorer processes the command off of the local user environment which is why. I know I can just use compmgmt as an admin to solve that, but I want to know the specific reason why Explorer is swapping, is it as simple as the shell uses the local environment and that is just how it is?
On Windows 10, the script process successfully, but Explorer runs extremely slow. Every other program runs fine, cmd, compmgmt, regedit, Firefox, etc... But Explorer is slow, I'm talking 5 minutes to open the favorites window, and the start menu will not open at all. I checked process explorer and nothing takes it up, except the standard get resolution and other graphic handles. I assume it might be just the way this Shell operates.
Anyway, I understand this is not ideal, and that there are far easier ways to do it, and that Explorer.exe was never intended to be run like this. I just wanted to try for my own personal creativity. Any help would be greatly appreciated.
Thanks,

How to implement custom UAC privilege UI?

When deleting a file in Windows Explorer (Windows 7), if admin privileges are required to delete the file, this dialog is displayed:
Is there a way to achieve this kind of effect in my app?
Currently I am launching a process 'as administrator' to perform the same sort of action (replacing a file rather than deleting it), so the user is shown the generic UAC dialog, asking:
"Do you want to allow the following program to make changes to this computer?"
Is the kind of helpful UI shown by Explorer (as opposed to the generic UAC dialog) possible in a 3rd party app?
I'm guessing no, since it would allow 3rd parties to elevate privileges in a sneaky way.
Use Button_SetElevationRequiredState to add the shield to the button. When the user pushes the button, use the COM elevation moniker to create the helper object.
The default setting on Windows 7 is for most system components to not show the UAC dialog.
If you change your setting to always prompt, you will see that clicking Continue in the Explorer dialog would create the normal UAC prompt.
As a non-system binary, your code would always prompt except at the most lenient UAC setting (never prompt.)

Stop CMD from always opening with administrator privileges

No matter how I open it, cmd.exe always opens with admin privileges. How can I open it without? Is there some registry setting missing? Even if I open it directly from the run dialog or by double clicking in the system32 folder it still opens with admin privs.
Thanks.
Found out I was missing a registry key. In HKEY_CLASSES_ROOT\Directory\shell\cmd I was missing the String Value "Extended". Added this back in and restarted the machine got rid of the defaulting to admin privileges.
EDIT: I had UAC turned off for my profile (to stop incessant "are you sure you want to open this .exe" warnings), and turning that back on has stopped cmd always running with greater privileges.
After some unclear actions (switch UAC on/off ?) I ended up in the same situation as described above:
Cmd.exe always starts in Adminstration mode.
Linking in VS failed with the message:
Project : error PRJ0003 : Error spawning 'C:\windows\system32\cmd.exe'.
The Properties | Compatibility tab is greyed out, so switching this off seems impossible (Compatibility modes cannot be set on this program because it is part of this version of Windows).
To recover from this situation you have to edit the registry to remove the RUNASADMIN preferences that is associated with cmd.exe.
The 'RUNASADMIN' preference is stored in these registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Delete the values named c:\windows\system32\cmd.exe and you are back in business !
Kees
Right click on the cmd.exe, select properties and check the compatibility tab. Is the Run this program as an administrator checkbox checked?
This is only happening because you're logged in as a user with administrative privileges.
Since doing so defeats the entire Windows security model, you shouldn't be doing that in the first place. Create a standard user account and log in with that, instead. The command prompt should then not open with administrative privileges since you don't have administrative privileges.
If, as a standard user, you need to open a command prompt with administrative privileges, you'll need to right-click on the shortcut and select the "Run as Administrator" option (just look for the UAC shield). You'll need to provide sufficient credentials to authenticate yourself as an administrator, and then you'll have the authority to wreak whatever havoc you wish.
Found a way to run as a specific user even when UAC is turned off from http://www.sevenforums.com/general-discussion/235987-run-cmd-exe-given-user-administrator-command-line.html
This is the way to start cmd.exe as any user. Replace "username" with the correct one:
cmd.exe> runas /user:username "cmd.exe"
Right click on the cmd shortcut, navigate to properties, select advanced options and uncheck the 'Run as admin' option.
Check this video for better understanding - https://www.youtube.com/watch?v=3Mxh5TNSIl8&list=PLg8CURsOKswrzPs9fMhnmdy9TP7AkOOX1&index=1

Can't add new Redirected Port in Windows 7 after installing RedMon

My operating system is Windows 7 32bit. I installed RedMon1.7, Ghostscript 8.71 and GSview 4.9; installations were successful.
I went to Add New Local Printer in Windows Devices and Printers, clicked on Create A New Port, and selected Redirected Port from the Type of Port list. Clicked Next and in the Add New Port window I named RPT1: and clicked OK but it says Specified port cannot be added. Operation could not be completed (error 0x00000001)
I tried giving different names to the port, RPT2:, RPT4:, VPport: etc but all gave same result. Disabled Windows Firewall and tried but it continues to give same error, Disabled the Antivirus (Avira) but no change.
What can be preventing windows 7 from adding redirected port?
BTW I was following instructions in this tutorial in order to create a postscript printer.
http://www.stat.tamu.edu/~henrik/GSPSprinter/GSPSprinter.html
Appreciate any ideas or suggestions. Thanks
Run cmd.exe as Administrator and then run:
rundll32 printui.dll,PrintUIEntry /il
from the elevated cmd.
Go to your Start Menu,
Type Print,
Right-Click "Print Management",
Select "Run as administrator",
In Print Management; Expand "Print Servers" and Select "Ports".
Right-Click in the "Ports" pane (on the right hand side) and Select "Add Port...".
I'd also recommend configuring a Port from Print Management, as opposed to trying to do it in a Printers Properties. ;)
Adam Reed describes a workaround in his blog:
http://borntoidentify.blogspot.com/2010/09/configuring-virtual-printer-using.html
Not very comfortable, but works for me ...
EDIT: This link appears broken, but here's the content:
https://web.archive.org/web/20120628120209/http://borntoidentify.blogspot.com/2010/09/configuring-virtual-printer-using.html
The gist is that under Win7, you need to run explorer with elevated rights. This can be done using another browser, or, as mentioned in the comments on the original post:
Open a CMD window by right clicking and running as administrator
Kill the process explorer.exe from the task manager
Run explorer.exe from the command prompt window, now as an administrator.
Be very careful when running explorer as an administrator.
You need to enable Admin mode OR log with the Admin account!
This is cause by the new Vista/Win 7 security system.
Try reseting the firewall (Windows 7)
(be warned tho, the firewall will reset to the default setting)
*go to Control Panel
*go to Windows Firewall
*on the left choice pick "Restore Defaults"
It works for me, i hope it works for you.
F3lix's rundll32 method works but after you've created the port you most probably would need to configure its settings. Elsewhere in the net there are instructions to open Port management as Administrator, but in Windows 7 Home that seems to be very much impossible. One can only view the virtual port settings. The only workaround I found is to edit registry directly with the Registry editor at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Redirected Port\Ports\RPT1:
(Replace your port name in the end.)
It seams to be tricky. In my case it only works, after creating an new User account with the name "admin" / group " Administratoren" (de).
Before with my real Nickname User "Nick.." / group "Administratoren" (de) it dosent work´.
Takes several hours to discover ...
Accepted solution did not work for me...I found an other command line that worked well (I'm on windows 10):
%systemroot%\system32\printmanagement.msc
It opens the print management in administrator mode, and I was able to create the port with no problems.

Resources