Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does the UAC know the application is going to need elevated privileges?

Tags:

c#

.net

uac

I have a C# .NET application with about 20 supporting assemblies that I am maintaining.

When it starts, windows shows a UAC dialog that says:
Do you want to allow the following program to make changes to this computer.

If I disable the 'Run as administrator' checkbox on the file's properties dialog, I get a dialog of:
Unable to run [Application Name]. The user account '[Me]' does not have sufficient privileges to write to
C:\ProgramData[Company][Application Name]

This application will try to write to the ProgramData directory which is causing the UAC to ask the user for permission.

How does the UAC know the application is going to write to ProgramData?
What can I change so that the UAC does not complain?

like image 494
Robert Avatar asked Jun 18 '13 16:06

Robert


People also ask

How does a UAC prompt look and what does it share and request?

The UAC prompt displays the name of the program that is about to make a system change that requires the approval of an administrator, the publisher of that program and the file origin (if you are trying to run a file).

How do I stop UAC blocking a program?

You can disable UAC through Group Policies. UAC GPO settings are located under Windows Settings -> Security Settings -> Security Options section. The names of the UAC policies start from User Account Control. Open the option “User Account Control: Run all administrators in Admin Approval Mode” and set it to Disable.

Does UAC require admin rights?

Note: Elevating the AnyDesk session will not change the windows session from standard user to administrator. Every UAC action will still require administrator credentials.


1 Answers

  1. How does UAC know the application is going to write to ProgramData

    • ProgramData MIGHT be under the list of "Protected Directories" during the virtualization process of the UAC Architecture. (source needed) enter image description here
  2. What can I change so that the UAC does not complain?

    • Couple options here -
      1. It appears that you are trying to write to C:\ProgramData[Company][Product]
        To me, this looks like a path separation issue. you are trying to create [or use] a directory named C:\ProgramDataAdobePhotoshop if your application is not seperating these directories, then i'd assume that this is causing your UAC issue. try adding your path seperators. C:\ProgramData\Adobe\Photoshop [as an example]
      2. Disable UAC? The UAC is there to prevent unauthorized activity, and if you look at the flowchart above, any application that has a signature of writing to a "restricted directory" or any "elevated actions", it will fall under, and spark a UAC prompt. Your user would click through it, and all is well.
      3. Use the Application Data folder, instead of the ProgramData folder. That folder seems to be hidden for a reason.

My recommendation - For any application that needs to story data - use the users Application Data rather than the ProgramData folder. You will not get any UAC prompts if you use this directory. (this question could help with that)

like image 125
ddavison Avatar answered Sep 27 '22 18:09

ddavison