All geek questions in one place

Need for higher permissions without UAC popups

I have an application that is a launcher for another application (my main one). The launcher goes to the FTP server, downloads the updates, and installs them. However, the update executable needs to copy some DLLs and EXEs to the installation directory of the main application, which is located in Program Files. Because of this, I currently need to upgrade update privileges.

This is a problem because my application starts at boot and usually just loads into the system tray (the application is comparable to a messenger / skype). If I start triggering UAC warnings on the screen when I try to silently update the application, it will no longer be quieter.

The only way I see now to avoid the problem is to give all users permissions to the installation directory of program files, but I am reluctant to do this. Any other ideas?

I am using Windows 7 and the applications are in C #.

+5
source share
3 answers

This will violate the basic principle of user access control.

You cannot elevate access rights by avoiding design hints. If there was a way to do this, UAC would become useless.

Having said that, you can try to design around the problem. Instead of making your program a startup / system tray application, you might want to make a Windows service that performs the update. This can be run as an administrator at boot (instead of logging in), and it will work with elevated privileges.

If you need an application in the system tray, it can be a separate application that "talks" with the service.

+10
source

The whole point of UAC is that applications cannot accept privileged changes without user approval. Instead of trying to automatically update the application, perhaps you can simply tell the user that an update is available and wait until they ask him to update (at this point, a UAC invitation is expected, as many application updates do this).

+2
source

Others argue that UAC should prevent this type of behavior, however you can turn off UAC and then enable post-installation of UAC, as I assume that your β€œusers” are local to your business. You can click this in a batch file and execute it with psexec , since I believe that you can do it remotely without installing anything on the client machine.

Disable UAC

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC

 C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
0
source

Source: https://habr.com/ru/post/922852/

More articles:


All Articles