How to determine what invokes User Access Control restrictions?

Question

In a Delphi app intended to build an internet software update service for my software, the Windows 7 UAC system requests authorization from the user to run the exe.The following possible contentious/risk areas exist in the code:

• A named pipe server is created for communications
• TCP is used for FTP and HTTP
• SHGetSpecialFolderPath api call is used

Before these items where added UAC did not activate, removing each in turn including all unit reference and then ending with the bare bones exe still causes the UAC event - so its not possible say what is causing it. On top of this Delphi 2007 now requires being launced as an administrator to launcg a debugging process for the app.

Question 1 : How can I see what is causing this besides starting from scratch in a new exe - IOW is there a log somewhere I can check

Question 2 : Will using a signed exe using authenticode still cause the UAC alert to show

Answer 1

UAC does not launch because your app does something administrative. Many people believe that when an app that is not elevated tries to do [something that will fail non elevated and succeed elevated], UAC asks about elevating. But that is not so. Your app starts out elevated or not, and stays that way. If it tries to do something that fails without elevation, then the thing fails. That is why adding and removing code "still causes the UAC event."

What genuinely "causes the UAC event" is a property of your exe other than the code it contains. These include its name, the compatibility stuff you applied to it deliberately (by right clicking and checking some options) and the compatibility stuff the system applied to it for you (often after one of those "this application may not have run correctly" dialogs. People often find it very frustrating to determine which of these is causing it.

Start by renaming the exe, avoiding words like setup and update. You don't need to run it, btw - just look for a shield overlay on the icon in Windows explorer. (see http://www.gregcons.com/KateBlog/NamingMattersAnotherCauseOfTheOverlayIcon.aspx) Also right click it and choose Properties, then look at the Compatibility tab. You may be asking for it to elevate there.

Answer 2

I think you ask the wrong question.

You don't need to fight UAC and its heuristics. They are compatibility hacks for old apps, not new. New apps must just follow the rules.

Include manifest with "asInvoker" execution level - and you're done. Simple and 100% effective.