How does UAC know that an application will need elevated privileges?

I have a C# .NET application with about 20 supporting assemblies that I support.

When it starts, Windows shows a UAC dialog box that says:
You want to allow the next program to make changes to this computer.

If I disable the "Run as administrator" checkbox in the file properties dialog box, I get a dialog:
Unable to start [Application Name]. User account "[Me]" does not have sufficient privileges to write to
C: \ ProgramData [Company] [Application Name]

This application will attempt to write to the ProgramData directory, which causes the UAC to ask the user for permission.

How does UAC know what the application will write in ProgramData?
What can I change to prevent UAC from complaining?

+6
2 answers
  • How UAC knows what the application will write in ProgramData

    • ProgramData MAY be on the "Protected Directories" list during the virtualization process of the UAC architecture. (source required) [image]
  • What can I change to prevent UAC from complaining?

    • A couple of options here -
      • It seems that you are trying to write to C:\ProgramData[Company][Product]
        For me, this seems like a path separation problem. You are trying to create [or use] a directory called C:\ProgramDataAdobePhotoshop. If your application does not share these directories, I would suggest that this causes a UAC problem. Try adding path separators: C:\ProgramData\Adobe\Photoshop [as an example].
      • Disable UAC? UAC exists to prevent unauthorized activity, and if you look at the flowchart above, any application that has the signature of an entry in the "restricted directory" or any "elevated actions" will fall within the scope of the action and trigger a UAC prompt. Your user will click on it, and all is well.
      • Use the Application Data folder instead of the ProgramData folder. This folder seems hidden for some reason.

My recommendation: for any application that needs historical data, use the user's Application Data, not the ProgramData folder. You will not receive UAC invitations if you use this directory. (This question might help with this.)

+3

Perhaps the application has a manifest file, such as:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
          <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
          </requestedPrivileges>
        </security>
      </trustInfo>
    </assembly>

If it is, the requestedExecutionLevel level="requireAdministrator" will display the UAC dialog box.

The manifest file is usually called app.manifest

0
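One way to check what the second answer describes, as an added example that is not code from the original answers: a small Python script that pulls the embedded manifest out of an executable's bytes and reports the requested execution level. The function names and the sample manifest are constructed for illustration, and the byte scan is a heuristic that assumes the manifest is stored as plain text in the file.

```python
import re
import xml.etree.ElementTree as ET

# The three values Windows defines for requestedExecutionLevel/@level.
LEVELS = {
    "asInvoker": "runs with the caller's token; the manifest causes no prompt",
    "highestAvailable": "prompts when the user can obtain an administrator token",
    "requireAdministrator": "always requires elevation; UAC prompts at every launch",
}

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""

def extract_manifest(blob: bytes):
    """Heuristic: return the first <assembly>...</assembly> span in the bytes, or None."""
    m = re.search(rb"<assembly\b.*?</assembly>", blob, re.DOTALL)
    return m.group(0).decode("utf-8", errors="replace") if m else None

def requested_level(manifest_xml: str):
    """Return (level, uiAccess), or None when the manifest declares no level."""
    root = ET.fromstring(manifest_xml)
    # Match on the local name so asm.v2 and asm.v3 trustInfo blocks are both found.
    node = next((e for e in root.iter() if e.tag.endswith("}requestedExecutionLevel")), None)
    return None if node is None else (node.get("level"), node.get("uiAccess", "false"))

def explain(manifest_xml) -> str:
    """Describe what the manifest asks UAC to do."""
    if manifest_xml is None:
        return "no embedded manifest found"
    found = requested_level(manifest_xml)
    if found is None:
        return "no requestedExecutionLevel: Windows treats the program as legacy"
    level, _ui_access = found
    if level not in LEVELS:
        return f"invalid level {level!r}: expected one of {sorted(LEVELS)}"
    return f"{level}: {LEVELS[level]}"

if __name__ == "__main__":
    # Constructed stand-in for an .exe: header bytes, the manifest, trailing padding.
    blob = b"MZ\x90\x00" + b"\x00" * 16 + SAMPLE_MANIFEST.encode() + b"\x00\x00"
    print(explain(extract_manifest(blob)))
```

The "Run as administrator" checkbox from the question is a per-file compatibility setting stored outside the executable, so this check does not see it.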

Source: https://habr.com/ru/post/947574/