Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Selectively disabling UAC for specific programs on Windows Programatically

There are dozens of posts questions/answers on stack and other forums about disabling/bypassing/suppressing UAC. There are solutions as well. But progmatically perhaps not. I could see only one solution Disabling UAC programmatically but perhaps there is not real programmatic solution given there.

Can there be a programatic solution for saving user to be prompted everytime he/she runs a program like wamp and they always have to click yes, So it would be better to tell windows that their choice is always yes. I am sure there would be as

I have found Here that windows provides this facility in Task Scheduler through GUI so it must be possible through code as well.

Update : I have prepared a pure programmatic solution which is working. See my answer.

like image 843
Sami Avatar asked Mar 03 '13 21:03

Sami


2 Answers

Quick description: Make a new console/window application to run any application bypassing UAC choosing the path of your target application in this application as guided below, compile this program once, and run anytime

Step by step

  1. Download Microsoft.Win32.TaskScheduler.dll from This Codeplex link
  2. Make a c# application (Windows or Console) and add reference to the above dll
  3. Add New Item (Application Manifest File) to your project (this application)
  4. Change <requestedExecutionLevel level="asInvoker" uiAccess="false" /> to <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
  5. Write following code in your program.cs file

using System;
using Microsoft.Win32.TaskScheduler;
class Program
{
   static void Main(string[] args)
   {
      TaskService ts = new TaskService();          
      TaskDefinition td = ts.NewTask();
      td.Principal.RunLevel = TaskRunLevel.Highest;
      //td.Triggers.AddNew(TaskTriggerType.Logon);          
      td.Triggers.AddNew(TaskTriggerType.Once);    // 
      string program_path = @"c:\wamp\wampmanager.exe"; // you can have it dynamic
//even of user choice giving an interface in win-form or wpf application

      td.Actions.Add(new ExecAction(program_path, null));
      ts.RootFolder.RegisterTaskDefinition("anyNamefortask", td);          
   }
}

6.Now compile and run your Application(this app)


Now your application (e.g WAMP) will run without prompting any UAC dialog on your desired schedule (every time your log on windows in my case)

Sources

Initiated from : Can you turn off UAC for a single app? and Selectively disabling UAC for specific programs on Windows 7

Basic Idea from : Make Vista launch UAC restricted programs at startup with Task Scheduler

Basic Implementation from Creating Scheduled Tasks

like image 142
Sami Avatar answered Sep 21 '22 04:09

Sami


The proper methodology wouldn't be to ignore the User Access Control (UAC) but rather test within those parameters. That way you don't disrupt security, you instead work within it's confines.

By disabling security, you run the risk of exploits. According to Secuna which provide several security test have noticed that small companies, lazy developer applications, and blatantly disregard for security are applications that have been focused on.

Which means your application may become a victim at some point.

The approach I would take, is test within UAC. Ensure the proper permissions exists to carry out your task, that way it isn't constantly running with Elevated Permission. An example may be:

class Elevated_Rights
{
    // Token Bool:
    private bool _level = false;

    #region Constructor:
    protected Elevated_Rights()
    {
           // Invoke Method On Creation:
           Elevate();
     }
     #endregion
     public void Elevate()
     {
           // Get Identity:
           WindowsIdentity user = WindowsIdentity.GetCurrent();

           // Set Principal
           WindowsPrincipal role = new WindowsPrincipal(user);

           #region Test Operating System for UAC:
           if (Environment.OSVersion.Platform != PlatformID.Win32NT ||            Environment.OSVersion.Version.Major < 6)
            {
                 // False:
                 _level = false;
             }
             #endregion
             else
             {
                    #region Test Identity Not Null:
                    if (user == null)
                    {
                        // False:
                        _level = false;
                    }
                    #endregion
                    else
                    {
                        #region Ensure Security Role:
                        if (!(role.IsInRole(WindowsBuiltInRole.Administrator)))
                        {
                            // False:
                            _level = false;
                        }
                        else
                        {
                            // True:
                            _level = true;
                        }
                        #endregion
             } 
      }
} 

Something along those lines would allow you to test against the UAC, then perform a task. I'm not quite sure why you would like to disable the UAC, but that would be my approach.

Hopefully that helps.

like image 23
Greg Avatar answered Sep 25 '22 04:09

Greg