0

We have a win form application (built on 4.0 framework client profile) which is launched from a web application with the help of a custom protocol.

For a non admin user (eg: Power user, Standard User), when the application is launched the system pops up a UAC (in the system, UAC control settings is set to "Always Notify" and it has to be the same) asking for admin password.

Note, that we are using a manifest to run the application with elevated permission for admin privilege

Any help on this to avoid the same would be appreciable. Thanks in advance

Regards,

Karthik

Karthikkv
  • 1
  • Well, if the application requires admin privileges, the entire point of UAC is to ask for permission...? – Thorsten Dittmar Feb 12 '15 at 10:16
  • So, you're running an app that requires admin privilege, but you don't want it to ask for admin password? That would be bad if it was possible :) But you could install a host windows service that does whatever you need it to do, run it with system/admin permissions by default and have the client app just call it and tell it what to do :) – Gerino Feb 12 '15 at 10:17
  • Thanks for the quick response. However as per the workflow, it must be launched from a web page – Karthikkv Feb 12 '15 at 10:21

2 Answers2

1

Simple answer: you can't. The goal of UAC is to block application from doing things that require administrative privilege without the user's approval. It's a security feature built into the OS so that no malicious software would put the computer in danger without the user's approval.

So, since it's a security feature, you can't circumvent it without the user specifically switching off the UAC on the system.

Gimly
  • 5,975
  • 3
  • 40
  • 75
1

Obviously you cannot work around the security in Windows that limits what standard and power users can do. It is not entirely clear from you question but if your goal is to not require elevation while running as a non-administrator then you can achieve it by following this high level procedure:

  • Remove the manifest from your executable. Windows will no longer require elevation before the application is executed.

  • In the initialization of your application (preferably before it becomes visible) detect if the user executing the application is administrator.

  • If the user is local administrator let the running instance of the application start a new instance of the application this time requiring elevation. The first instance of the application then terminates when the elevated instance has started.

  • If the user is not local administrator continue running the application but realize that the application is executing without administrative privileges.

If you do it like this an administrator will get a UAC prompt to elevate the application while non-administrators will not get any prompt (and also no administrative privileges).

You can get details about how to perform some of these tasks in an answer to a question on Stack Overflow about elevating process privilege programmatically

Community
  • 1
  • 1
Martin Liversage
  • 104,481
  • 22
  • 209
  • 256