1

I am developing C#/.NET application that needs administrative privileges. It will run under WinXP and Win7. In order to request elevation of privileges when user is running as Standar user (not member of Administrators group), I embed manifest with line: 

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

And, that works fine in Win7 when in UAC is turned ON. User gets prompted for elevated rights, enter credentials etc.
Problem is when in Win7 when in UAC is turned OFF. Application starts without UAC prompt and WITHOUT elevated rights.

Is there a way to request elevation and pop-up UAC prompt when UAC is turned OFF?

Mark_55
  • 155
  • 1
  • 9
  • So the user is not local administrator but when UAC is turned on the user will enter some other credentials with administrative rights in the UAC prompt? – Martin Liversage Oct 09 '13 at 16:22
  • [The same question, basically, has been asked before.](http://stackoverflow.com/questions/90702/how-does-a-program-ask-for-administrator-privileges) – Scott Solmer Oct 09 '13 at 16:24
  • No, it was not answered there. I am doing already what is said there. Issue is solution does not work always. That is a problem. – Mark_55 Oct 09 '13 at 16:27
  • So, this one is close, but it has no deffinite answer: http://stackoverflow.com/questions/17271458/execute-an-application-with-admin-rights-on-system-without-uac?rq=1 – Mark_55 Oct 09 '13 at 16:33
  • Surely what you turned off is the ability for a program to display a UAC prompt :) – Hans Passant Oct 09 '13 at 17:10
  • Right. User did that. What now? I stop program since I can not elevate it? It is kind of not consistent. For some users will work, for others will not. – Mark_55 Oct 09 '13 at 17:44
  • I believe what Hans was saying is that you've turned off the UAC popup by specifying uiAccess="false" in your manifest. If you do uiAccess="true", it should prompt you. – Joel Lucsy Oct 09 '13 at 18:35
  • Is that guessing or you know? Is there a document about it? I have seen uiAccess="true" set only in case when you have digital certificate and you do NOT want UAC to ask anyting. – Mark_55 Oct 09 '13 at 19:24
  • Have you *tried* it? You might be surprised... – Andrew Barber Oct 10 '13 at 05:06

1 Answers1

2

No, but there is a workaround.

UAC being off does not preclude an application from being run as Administrator (assuming you have an administrator password, as it seems you do), just makes it harder. As you rightfully pointed out, with UAC disabled and requireAdministrator set in the manifest, right-clicking and selecting Run as administrator does not actually elevate the process, as Microsoft indicates: "Application might launch but will fail later"

Two Steps:

1) Hold Shift while Right-clicking on the application and select Run as a different user. Then simply use your Administrator user name and password to authenticate, and your application should run as Administrator. It worked for me.

screenshot

2) Build a small executable that runs asInvoker and checks for Administrative privileges. When it is run without them, warn the user and tell them to Shift-Right Click, then Run as a different user. If your small program has administrator access, then use ShellExecute to invoke your primary requireAdministrator application. See Figure 9 here for a flow diagram. You are basically replacing the built-in UAC dialog with your own, because, hey, UAC is off.

Here is a small code sample in C++ from somewhere on StackOverflow that checks for administrator access:

BOOL IsUserAdmin(VOID)
{
   BOOL b;
   SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
   PSID AdministratorsGroup; 
   b = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup); 
   if(true==b) 
   {
      if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)) 
      {
         b = FALSE;
      } 
      FreeSid(AdministratorsGroup); 
   }
   return(b);
}
kmort
  • 2,848
  • 2
  • 32
  • 54