Geek Answers Handbook

Selectively disable UAC for specific programs on Windows

There are dozens of Q / A posts on the stack and other forums about disabling / bypassing / suppressing UAC. There are solutions. But progamically, perhaps not. I could see only one solution to disable UAC programmatically , but maybe there is no real software solution there.

Is there a software solution for saving the user that will be requested each time he / she launches a program such as wamp, and they should always click β€œYes”, so it would be better to tell the windows that their choice is always yes. I'm sure there will be

I found here that windows provide this tool in the task scheduler using a graphical interface, so this should be possible through code.

Update: I prepared a clean software solution that works. See my answer.

+7
source share
3 answers
  • Download the Microsoft.Win32.TaskScheduler.dll file from This Codeplex Link
  • Make a C # application (Windows or console) and add a link to the above DLL
  • Add a new element (application manifest file) to your project (this application)
  • Change <requestedExecutionLevel level="asInvoker" uiAccess="false" /> to <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
  • Enter the following code into the program.cs file
 using System; using Microsoft.Win32.TaskScheduler; class Program { static void Main(string[] args) { TaskService ts = new TaskService(); TaskDefinition td = ts.NewTask(); td.Principal.RunLevel = TaskRunLevel.Highest; //td.Triggers.AddNew(TaskTriggerType.YourDesiredSchedule); td.Triggers.AddNew(TaskTriggerType.Logon); //td.Actions.Add(new ExecAction("Path Of your Application File", null)); td.Actions.Add(new ExecAction(@"c:\wamp\wampmanager.exe", null)); ts.RootFolder.RegisterTaskDefinition("anyNamefortask", td); } }

6. Do not compile and run the application (this application)

Now your application (for example, WAMP) will start without asking for any UAC dialog according to your desired schedule (every time you register on windows in my case)

Sources

Initiated: Is it possible to disable UAC for a single application? and selectively disable UAC for certain programs in Windows 7

Main idea from: Make Vista run UAC-programs with limited access at startup using Task Scheduler

Basic implementation of Creating Scheduled Tasks

+11
source

The correct methodology should not ignore user access control (UAC), but rather a test in these parameters. This way you are not breaking security; you are working inside it instead.

By disabling security, you run the risk of exploits. According to Secuna, who provide several security tests, they noticed that small companies, lazy developer apps, and overt ignoring security are apps that have been focused.

This means that your application may become a victim at some point.

The approach I would take is a test in UAC. Make sure that there are appropriate permissions to perform your task, so it does not always work with high resolution. An example would be:

 class Elevated_Rights { // Token Bool: private bool _level = false; #region Constructor: protected Elevated_Rights() { // Invoke Method On Creation: Elevate(); } #endregion public void Elevate() { // Get Identity: WindowsIdentity user = WindowsIdentity.GetCurrent(); // Set Principal WindowsPrincipal role = new WindowsPrincipal(user); #region Test Operating System for UAC: if (Environment.OSVersion.Platform != PlatformID.Win32NT || Environment.OSVersion.Version.Major < 6) { // False: _level = false; } #endregion else { #region Test Identity Not Null: if (user == null) { // False: _level = false; } #endregion else { #region Ensure Security Role: if (!(role.IsInRole(WindowsBuiltInRole.Administrator))) { // False: _level = false; } else { // True: _level = true; } #endregion } } }

Something along these lines will allow you to test the UAC and then complete the task. I'm not quite sure why you would like to disable UAC, but that would be my approach.

Hope this helps.

+2
source

If you want to bypass the protection that you get as a standard user, the best solution is to change permissions on the folder and registry key so that all users can change your application folder.

 GrantAllUsersFullControlToFileOrFolder("C:\Program Files\Grobtastic");

with pseudo code implementation:

 void GrantAllUsersFullControlToFileOrFolder(String path) { PACL oldDACL; PACL newDACL; PSECURITY_DESCRIPTOR sd; //Get the current DALC (Discretionary Access Control List) and Security Descriptor GetNamedSecurityInfo(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, ref oldDACL, nil, ref sd); //Create an SID for the "Users" group PSID usersSid = StringToSid("S-1-5-32-545"); // Initialize an EXPLICIT_ACCESS structure for the new Access Control Entry (ACE) EXPLICIT_ACCESS ea; ZeroMemory(@ea, SizeOf(EXPLICIT_ACCESS)); ea.grfAccessPermissions = GENERIC_ALL; ea.grfAccessMode = GRANT_ACCESS; ea.grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT; ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea.Trustee.ptstrName = PChar(usersSID); // Create a new ACL that merges the new ACE into the existing ACL. // SetEntriesInAcl takes care of adding the ACE in the correct order in the list SetEntriesInAcl(1, @ea, oldDACL, ref newDACL); //use LocalFree to free returned newDACL //Attach the new ACL as the object new DACL SetNamedSecurityInfo(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, newDACL, nil); LocalFree(HLOCAL(sd)); LocalFree(HLOCAL(newDACL)); FreeSid(usersSID); }

This works even when UAC is disabled (i.e., the user is a standard user and there is no convenient way to increase them). It also runs on Windows XP, where there was no UAC feature, and you had to switch quickly to run something as an administrator.

You then demonstrate your executable to run asInvoker , since you do not need administrative permissions.

Ask yourself:

What would I do in Windows XP?
What would I do on Windows 7 with UAC disabled? A.

If they are standard users, your program crashes to the dead?

0
source

More articles:


All Articles