Hi All,

Ive been looking for UAC software that will help us bypass UAC prompts for particular applications on windows 7 as a restricted users(i.e let particular applications run as admin).

There seem to be a couple out there but they all seem to make the application run as system or as an administrator account which is no good to us, as the application needs to interact with other applications and the logged in users profile.

Ive found one company that seem to do it but dont know much about them and was wondering if anyones used it before??

http://appavail.com/UAC.html

Or if anyone knows how to else we can do it?

unfortunatly we have quite a few inhouse applictions and vendor applications that require admin rights or prompt for UAC. Unfortutualty the developers have either gone or the company that wrote them no longer exists.. we dont wat to have to give users full admin for the sake of a single application any help would be much appreciated.

Thanks

MF

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

3

Most applications can be shimmed using the free Microsoft Application Compatibility Toolkit.

http://www.microsoft.com/en-us/download/details.aspx?id=7352

Try using that first.

Answered 05/05/2014 by: Ifan
Second Degree Green Belt

Please log in to comment

Answers

1

Thanks weve tried using ACT in the past and although it seems to supress some UAC prompts it doesnt work for all of our applications. Also we have some apps that need to run as administrator and was just wondering if there is a way around of bypassing it asking for administrator credentials??

Answered 05/05/2014 by: markfish666
White Belt

  • Hi.
    Depending on the application UAC prompts usually pop up due to the software trying to do something that requires administrator rights. In most cases the UAC prompt isn't hardcoded.

    If you can't figure it out using the ACT, try using Process Monitor and look for access denied messages. Mitigate them by giving the local users group the correct permissions for whatever it tries to do.

    I haven't used any products like what you're describing. Usuaully i'm able to fix it through the aforementioned methods or i get it thrown out the window.
Please log in to comment
1

Thanks for you help! I'll have a little play around... i have a couple of really badly written apps that seem to re-register dlls using regsvr32 when you switch servers etc which obviously the user doesnt or never will have access to do. not to sure what we are gonna do about these types of apps.

 

If  UAC is hard coded is there any was around? ive used external manifest files before and forced the machine to use external manifest first, but this seems to cause loads of issues expecially to programs like office!!

Answered 05/06/2014 by: markfish666
White Belt

  • If the check is hardcoded you can easily use a shim.

    Can't help you with the re-registering dll though.
Please log in to comment
1

- Control user profile-level configuration at deployment time using either Active Setup or, if the package has advertised entry-points, e.g. advertised shortcuts, use self-healing.

- As said above, apply appropriate permissions to the registry branch and/or folders.

- Personally, I see no place for UAC in a properly controlled environment and turn it off.

Answered 05/06/2014 by: VBScab
Red Belt

Please log in to comment
1

I test first if the app will run with out elevating.
Simplest way is to test as a std user. Run a CMD  Set a variable... Set __COMPAT_LAYER=RunAsInvoker then launch the app (From the CMD)

If it will not work with out elevation, (which is rare) because if you have UAC enabled, then the write actions are normally handled  by the UAC virtualisation. But if it is a poorly written hardcoded app... then you might need: http://www.avecto.com/privilege-management

Its quite a good product, have a look at the website, I think they also do webcasts where you can use the products to see how it works.

The reason I use this method (__COMPAT_Layer) is because it trumps internal manifests. If you create an external manifest, it will be overwritten by an internal manifest...

Answered 05/06/2014 by: Badger
Red Belt

Please log in to comment
1

Thanks guys really appreciate the help!

Shame theres not a sort of white list built into windows controlled via gp etc that you add certian apps to automatically run elevated!

As personally i dont like opening up areas such as system32 or classes root and other vunerable areas just for a single app to write to.

Thats why i kinda like the idea of these sort of whitelist apps that are about!

Answered 05/07/2014 by: markfish666
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity