tags:

views:

581

answers:

7
+2  Q: 

Can we get the UAC prompt to show only once?

Is there a way for an app to present the user with the UAC prompt only once, upon first running. Thereafter, no further prompting.

In other words, I understand that our app needs the user's UAC permission to do certain things. And that's fine. But we don't want it to have to keep asking on every occasion it runs. Can the user give permission to our app for all time? Or does what I am asking violate the fundamentals of UAC?

We are working with .NET and Windows 7

A: 

The user should be able to right-click on the executable and go to properties -> compatibility -> "run this program as administrator’"

James Polley  2010-01-07 11:11:29
Does it not still give the UAC prompt? I thought this was mainly to fix legacy apps crashing that did something requiring admin rights, but didn't ask for those rights before doing it?
Fire Lancer  2010-01-07 11:14:35
A: 

If this is possible (I dont think it is considering say http://stackoverflow.com/questions/451809/how-to-configure-visual-studio-not-to-give-uac-prompt-on-each-run), I'm pretty sure it has to be done on the users side (like disabling the prompt in the first place), rather than the application side.

Fire Lancer  2010-01-07 11:12:11
Oops, please ignore what I just wrote, I misread the question.
Iain Collins  2010-01-07 17:36:26
A: 

This may be of help:

http://www.tipandtrick.net/2008/bypass-or-disable-uac-for-selected-excluded-programs-only-with-elevator-skipuac/

confused dot come sucks  2010-01-07 11:12:57
+2  A: 

Update: Oops I misread the question and interpreted "prompt only once, upon first running" as meaning "only once every time is is run".

No, you can't grant an application Administrator rights for all time, that does indeed go against the design of UAC.

However, one way around this is to create a service which you app communicates with, which is able to run in the background and perform tasks with elevated permissions without the main application needing elevated permissions.

If that sounds like too much work, you could have a look at bundling with the SkipUAC utility which uses an approach like this to allow users to start applications without being prompted for UAC on each startup.

My Original Answer:

If the executable has a manifest with requireAdministrator set it should trigger a UAC prompt only on each initial startup, but not after that (all operations, including other apps launched by the initial process will inherit the elevated permissions).

You can set up a manifest for an EXE via the IDE in Visual Studio 2008/2010, or using a command line utility that comes with the most recent service pack for VS 2005 (this can be integrated into the build step to automate the process, but is a bit of a fudge in 2005).

I would search the web for "UAC" and "manifest" for more information, it's reasonably well documented in the online MSDN documentation (once know you to look for it).

This works equally in WIndows 7 and Windows Vista.

Iain Collins  2010-01-07 17:33:18
but can the user give permission to our app for all time? so the UAC never appears on subsequent executions?
hawbsl  2010-01-07 17:38:02
+1 for pointing out to use a service for this
mihi  2010-01-07 21:26:22
+7  A: 

Microsoft specifically is forbidding such behavior. If a applications could add themselves to an exclude list, then we get back into the mess we had before.

What you need to do is make your program not require administrative access.

Ask yourself: What did you do on Windows XP?

  • am i not allowed to run your software?
  • does your software crash when i'm a standard user?
  • does your software provide no value, and have no absolutely no functionality when run by a standard user?

Windows XP doesn't have the convince of the UAC. The only way for a user to run your program as an administrator is to logon with another user. And that's a much worse user experience than clicking "Continue".

If you don't want to write software that is standard user friendly, then you're part of the problem. UAC is not the problem, UAC is a convience. i can turn off UAC, run as a standard user full time, and your software still won't work.

Microsoft considered

  • white-lists
  • Remember my preference
  • Don't ask me again.

If you had a white-list, then every program would just add itself to such a list at install time.

If such a white-list existed, then your app would be the target of malware. It would love to modify the binary to execute what it wants; since it knows the program will be silently elevated.

Malware would love to poke at your application with SendMessage, trying to pass invalid data or structures, trying to get your, administrative, application to execute the code it wants.

If the user had the option to disable future prompts on programs, then they would just do it, and every program would run as an administrator, and we'll be back to the way things were.

All those ideas don't solve the problem: almost no program actually requires administrative access.

The time has finally come to force developers to come to terms with that fact.

Whitelists cannot work

Some people want to come up with ways to make whitelists work.

  • Have a checkbox where the user can say, "Don't prompt me for this file anymore"
    If you store that filename, then other programs with the same name will silently run as administrators.

  • Okay, then we'll record the full path, or use the hash of the file, as the whitelist entry. If there's a whitelist then other programs will add themselves to that list when they install, and have programs running with administrative access that the user didn't want.

  • What if only signed applications are allowed, that way we know they're safe. Applications are not safe because they're signed. An application doesn't have to be malware for it to be abused into doing bad things. (e.g. buffer overruns in flash, firefox, ie, chrome, safari, opera, word, photoshop, Yahoo image uploader tool).

You have to store list of valid code-signers in a list somehwere. And no matter how you slice it, having any white-list will mean that applications will just add themselves to that list.

  • Well, then don't allow them access to the list. Not even administrators are allowed to add items to the list. If not even administrators can add items to the list, then how can the user add items to the list in the first place? You can't add items to the whitelist if you're not allowed to add items to the whitelist!

And how do you manage the white-list? Lets say the user has changed their mind, or Dad has changed his mind, or IT has changed its mind, or corporate has changed its mind, or the software publisher changes their mind: how do you remove items from the list - especially when nobody is allowd to modify the list.

Summary: White lists cannot work.

Ian Boyd  2010-01-07 17:50:23
This is a simple and on the perhaps on the surface unfriendly seeming approach, but it may be quite correct. While there maybe a good reason your app needs elevated permissions in many cases it's just because the application doesn't follow best practices and is badly written to begin with. In most scenarios (e.g. auto-updating) it's very rare to need elevated permissions so it's not a burden on users to trigger then when actually needed. If your app needs them every time the design is /probably/ flawed.
Iain Collins  2010-01-07 17:55:27
Just to correct an incorrect assertion - you can indeed elevate permissions in Windows XP as well, in a very similar way to Vista/Windows 7 - unfortunately most developers were too lazy to bother and just insisted everyone run their applications with Administrator accounts.
Iain Collins  2010-01-07 17:57:31
You could, Iain, **RunAs** another user in Windows XP. But then the process isn't actually running at you. In Vista and 7 the process is actually running as yourself.
Ian Boyd  2010-01-07 18:01:58
+1 for a nice overview but I'm not sure saving the user from having to reclick and reclick is any defence against malware. if the user is accepting the UAC prompt anyway (and he will), I'm just as inviting a target for malware as if the UAC preference was being remembered. Whether Remembered or Actively Renewed, the result is the same. But the difference in convenience to the user is enormous.
hawbsl  2010-01-07 18:37:35
and doesnt digital signing come into it?
hawbsl  2010-01-07 18:38:39
@hawbsl: Users should not have to reclick and reclick. The point is to smack developers in the back of the head, and make them not actually require administrative access. There's almost no reason that you actually do. Once the software ecosystem as a whole makes administrative access rare, then the user will be presented with a UAC prompt very rarely. Then they will see administrative access for what it is: something dangerous, not to be granted lightly. The next 7 years will be the painful transition period, where developers get bitched out for being lazy.
Ian Boyd  2010-01-07 21:03:45
+2  A: 

The only way is to install yourself as a service or device driver.

BlueRaja - Danny Pflughoeft  2010-01-07 21:26:12
There is the concept of having some elevated processing running all the time, and the user can communicate with it. But we weary, malware will love to poke at your service to make it execute arbitrary code.
Ian Boyd  2010-01-07 21:33:36
A: 

Developers need a slap in the back of the head do they???

I have created 2 backup programs.

Both require Admin Rights to run.... why? So the user can backup there files where ever they are of course..

Could i run this as a service in the background? mabye? Probably not.

This is the reason that all AV software for instance has services in the background. So the GUI is just the GUI that is it... has no functionallity except to pass the command/info back to the service at which point the commands etc get run.

Wether or not whitelists would work depends on the users... I know users who for a fact just click on 'ALLOW' all the time... they dont even read it. So how is UAC protecting them, remarks like there stupid etc dont help. They do this because UAC prompts them everytime they go to do something.

Backup Programs, Launching apps, Compilers, generators ALL these things for example need admin rights.

Quite frankly a service is not always the answer as it is time consuming to implement and you can't be sure that it gets removed/restarted (auto updating) when it needs to be.

Tristan  2010-03-24 23:52:38

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?