UAC prompting help!!

Hi All,

Ive been looking for UAC software that will help us bypass UAC prompts for particular applications on windows 7 as a restricted users(i.e let particular applications run as admin).

There seem to be a couple out there but they all seem to make the application run as system or as an administrator account which is no good to us, as the application needs to interact with other applications and the logged in users profile.

Ive found one company that seem to do it but dont know much about them and was wondering if anyones used it before??


Or if anyone knows how to else we can do it?

unfortunatly we have quite a few inhouse applictions and vendor applications that require admin rights or prompt for UAC. Unfortutualty the developers have either gone or the company that wrote them no longer exists.. we dont wat to have to give users full admin for the sake of a single application any help would be much appreciated.



0 Comments   [ + ] Show comments

Answers (6)

Posted by: Ifan 9 years ago
Second Degree Green Belt

Most applications can be shimmed using the free Microsoft Application Compatibility Toolkit.


Try using that first.

Posted by: markfish666 9 years ago
White Belt

Thanks weve tried using ACT in the past and although it seems to supress some UAC prompts it doesnt work for all of our applications. Also we have some apps that need to run as administrator and was just wondering if there is a way around of bypassing it asking for administrator credentials??

  • Hi.
    Depending on the application UAC prompts usually pop up due to the software trying to do something that requires administrator rights. In most cases the UAC prompt isn't hardcoded.

    If you can't figure it out using the ACT, try using Process Monitor and look for access denied messages. Mitigate them by giving the local users group the correct permissions for whatever it tries to do.

    I haven't used any products like what you're describing. Usuaully i'm able to fix it through the aforementioned methods or i get it thrown out the window. - Ifan 9 years ago
Posted by: markfish666 9 years ago
White Belt

Thanks for you help! I'll have a little play around... i have a couple of really badly written apps that seem to re-register dlls using regsvr32 when you switch servers etc which obviously the user doesnt or never will have access to do. not to sure what we are gonna do about these types of apps.


If  UAC is hard coded is there any was around? ive used external manifest files before and forced the machine to use external manifest first, but this seems to cause loads of issues expecially to programs like office!!

  • If the check is hardcoded you can easily use a shim.

    Can't help you with the re-registering dll though. - Ifan 9 years ago
Posted by: anonymous_9363 9 years ago
Red Belt

- Control user profile-level configuration at deployment time using either Active Setup or, if the package has advertised entry-points, e.g. advertised shortcuts, use self-healing.

- As said above, apply appropriate permissions to the registry branch and/or folders.

- Personally, I see no place for UAC in a properly controlled environment and turn it off.

Posted by: Badger 9 years ago
Red Belt

I test first if the app will run with out elevating.
Simplest way is to test as a std user. Run a CMD  Set a variable... Set __COMPAT_LAYER=RunAsInvoker then launch the app (From the CMD)

If it will not work with out elevation, (which is rare) because if you have UAC enabled, then the write actions are normally handled  by the UAC virtualisation. But if it is a poorly written hardcoded app... then you might need: http://www.avecto.com/privilege-management

Its quite a good product, have a look at the website, I think they also do webcasts where you can use the products to see how it works.

The reason I use this method (__COMPAT_Layer) is because it trumps internal manifests. If you create an external manifest, it will be overwritten by an internal manifest...

Posted by: markfish666 9 years ago
White Belt

Thanks guys really appreciate the help!

Shame theres not a sort of white list built into windows controlled via gp etc that you add certian apps to automatically run elevated!

As personally i dont like opening up areas such as system32 or classes root and other vunerable areas just for a single app to write to.

Thats why i kinda like the idea of these sort of whitelist apps that are about!

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ