There's a simple way to read the registry and get the UAC status from there. The only problem is that if you are not an administrator user or the UAC is ON then you can't read that particular key.

Is there a way (API, etc) to get the UAC status accurately without having to read the registry?

Sample code is always appreciated. Thanks!

jess

EDIT: I'm starting a bounty. PLEASE PLEASE if you are going to answer do not tell me how I shouldn't care about the UAC status and that the code should be independent of the UAC and how Microsoft is so goody goody.

+3  A: 

From the internets:

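#include <windows.h>  // build with _WIN32_WINNT >= 0x0600 so TOKEN_ELEVATION_TYPE is declared
// Returns TRUE and fills *tokenElevation with Default, Full or Limited; FALSE if a call fails.
BOOL QueryElevationType(TOKEN_ELEVATION_TYPE *tokenElevation)
{
    HANDLE tokenHandle = NULL;
    DWORD tokenInformationBufferLength = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tokenHandle))
        return FALSE;
    BOOL ok = GetTokenInformation(tokenHandle, TokenElevationType, tokenElevation, sizeof(*tokenElevation), &tokenInformationBufferLength);
    CloseHandle(tokenHandle);  // always release the token handle
    return ok;
}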
MSN
This is when I get confused. Elevated means that UAC is on? That I am an admin? How do you use this code to get a "yes, UAC is on" or "Nope, it's not ON"? Thanks!
Jessica
I'm going to assume that limited means you don't have administrator access and full means you do. Besides, whether UAC is on or not isn't really a question you care about. You care whether it affects code you will run or not. But based on your question, limited means on.
MSN
Actually limited means that you're running with a split token which does mean that UAC is enabled, but that's not the only return value you care about. You can also be running on a standard user account, in which case you'll get TokenElevationTypeDefault (and your application will fail to run because it requires admin access). If you manifest your application such that it's tagged as requiring elevation, all of this is moot because the OS will ensure that your application always runs with administrator rights.
Larry Osterman
I would listen to Mr. Osterman. He has wayyy more experience with this than most of us. And his blog is an awesome reference.
MSN
Oh, now I see why Mr. Osterman cares so much about Microsoft. In any case, the whole split token is very very unnecessary here. I just want to know whether it's ON or OFF. Please spare me the UAC babble. As far as I'm concerned the UAC is more an annoyance than something good. That, of course, is only my opinion.
Jessica
I keep on getting 'TOKEN_ELEVATION_TYPE' : undeclared identifier even when I add windows.h or winnt.h. Is there a flag I need to set?
Jessica
Well, it's impossible to compile, even after manually setting directories, the SDK, the DDK and a hell of DLL and libs. Thanks for the answer but I can't even try it.
Jessica
Are you setting the version macros correctly before you include the SDK headers? If not, that could cause the undefined identifier errors you're seeing. http://msdn.microsoft.com/en-us/library/aa383745(VS.85).aspx
Adrian McCarthy
I believe I did. In any case by adding these headers I am breaking something else since some of the code behaves differently now. The program needs to run on XP and Vista. Thanks for the comment.
Jessica
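Added example, not code from any poster in this thread: the elevation types discussed in the answer and comments above, turned into one decision function that returns "undetermined" where the token alone cannot say whether UAC is on. `UacVerdict`, `uac_verdict` and `current_uac_verdict` are hypothetical names, and the non-Windows enum is a constructed stand-in so the decision logic compiles off Windows.

```c
/* Build on Windows with _WIN32_WINNT >= 0x0600 and link advapi32. */
#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-in (same values as winnt.h) so the logic compiles anywhere. */
typedef enum { TokenElevationTypeDefault = 1, TokenElevationTypeFull,
               TokenElevationTypeLimited } TOKEN_ELEVATION_TYPE;
#endif

/* Hypothetical verdict type for this example. */
typedef enum { UAC_ON, UAC_OFF_OR_UNFILTERED, UAC_UNDETERMINED } UacVerdict;

/* is_admin_member: nonzero if Administrators is an enabled group in the token. */
UacVerdict uac_verdict(TOKEN_ELEVATION_TYPE type, int is_admin_member)
{
    switch (type) {
    case TokenElevationTypeLimited:  /* filtered half of a split token */
    case TokenElevationTypeFull:     /* elevated half of a split token */
        return UAC_ON;               /* split tokens exist only while UAC is on */
    case TokenElevationTypeDefault:
        /* No linked token. An unfiltered administrator means UAC is off, or the
           account is one UAC does not filter; a standard user proves nothing. */
        return is_admin_member ? UAC_OFF_OR_UNFILTERED : UAC_UNDETERMINED;
    default:
        return UAC_UNDETERMINED;
    }
}

#ifdef _WIN32
/* Classify the current process; UAC_UNDETERMINED if any API call fails. */
UacVerdict current_uac_verdict(void)
{
    HANDLE token = NULL;
    TOKEN_ELEVATION_TYPE type;
    DWORD len = 0, sid_len = SECURITY_MAX_SID_SIZE;
    BYTE sid[SECURITY_MAX_SID_SIZE];
    BOOL ok, is_admin = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
        return UAC_UNDETERMINED;
    ok = GetTokenInformation(token, TokenElevationType, &type, sizeof(type), &len);
    CloseHandle(token);
    if (!ok || !CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, sid, &sid_len)
            || !CheckTokenMembership(NULL, sid, &is_admin))
        return UAC_UNDETERMINED;
    return uac_verdict(type, is_admin);
}
#endif
```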
A: 

Not quite where you're looking, I suppose... but if the registry read returns an access failure on the key, that is actually the answer you're looking for -- UAC is enabled.

Stabledog
Thanks, but I don't want to read (or try to read) the registry.
Jessica
+1  A: 

What I did to solve this problem, was if I had admin rights according to the API call I read the registry value (UAC provides false to admin rights check) and if I did not have admin rights I tried to make a new key in HKEY_LOCAL_MACHINE\Software. If that succeeded, UAC was on and I removed the key.

Joshua
Thank you. But I don't want to read or write the registry. I just want to know whether the UAC is ON or not, regardless of the user.
Jessica
Any particular reason why you don't want to read the registry? That seems an arbitrary condition to impose.
Tarydon
Because if I am a plain user I don't have access to that particular part of the registry so I don't know whether the UAC is ON or not. Which is the original problem.
Jessica
+1  A: 

It looks like you're trying to make the code compatible with both "non-elevated" and "elevated" operating modes. UAC being active or not has nothing to do with the current abilities of your process. Even if UAC is disabled a regular user account cannot have administrative privileges. Since that's the case I think you should be checking if your process is elevated or non-elevated and behave accordingly, rather than checking if UAC is enabled or not.

And that is much easier to answer, in fact was already answered in this question: http://stackoverflow.com/questions/95912/how-can-i-detect-if-my-process-is-running-uac-elevated-or-not

ssg
Thanks, but as I stated before the whole elevated or not doesn't make any sense on my program. Why is it too hard to answer the question? I need to know whether the UAC is ON or not. I don't care about the user being an admin or not. I should be able to know whether the UAC is on regardless. Thanks again.
Jessica
What you said contradicts yourself: "Because is an old piece of code that needs administrative rights to run and my manager doesn't want us to change the whole code since we are not actively supporting this program anymore, so the quick fix is to get the UAC status and act accordingly.".
ssg
UAC is *always* working. What "disabled" actually means is that processes started by you *can* be elevated and UAC will not protest, which is exactly the thing ssg is saying and what you are caring about. So ssg has given you the right answer together with code. Explanation: I have the impression that you think of UAC like a door which is there or not there. But UAC is like a guard which is always there. If he lets you pass, you have no information at all if he is ignorant or because you are an admin or whatever. You simply don't care, the important thing is you are *in*.
Thorsten S.
OK, I'll roll with it. What would happen when the elevation type is TokenElevationTypeDefault? That means that either UAC is disabled, or the process is started by a standard user. Which one is it? Is the UAC ON or not... see my problem?
Jessica
See post added from me
Thorsten S.
Thorsten's answer seems to have wrapped it up.
ssg
A: 

First off, you don't really want to seek out a way to "get around" the security features of the operating system. Even if you do find a solution that works right now, Microsoft can (and does) change these kinds of features with Windows Update and will break your app in the future. Fighting the security features is an uphill battle and it will be a continuous headache for you. While I would love to hear more of your questions on StackOverflow :) it is most likely not the path you want to go down.

That said, I think you are going about the issue wrong. If your manager doesn't want you to fix the problem, then your manager has accepted the problem. Just mark the whole application as "must run in administrator mode" and be done with it. The users will get a single warning at application start and then the app will run for them. Here's a link to show you how to set this option.

Of course, if your users don't have admin rights to their own machine you are basically out of luck.

Mark Ewer
+3  A: 

Ok, building the answer on what ssg/comments already said:

http://www.softblog.com/2008-02/vista-tools/

This checks both elevation and UAC status. First as

http://stackoverflow.com/questions/95912/how-can-i-detect-if-my-process-is-running-uac-elevated-or-not

already mentions, it will test the ElevationStatus. After that, it tries to start a subprocess with elevated status which will fail if standard user is logged in, determining the UAC status.

And no, it does not use the registry.

Thorsten S.
OK, thanks. I'd like to accept this as an answer even though I don't think it'll work. Frankly I don't care whether it's a normal user or an admin. I was just looking for a UAC on or not. That's all. I don't understand the whole elevated or not, it just doesn't make sense to me. But thanks for the answer anyway.
Jessica