Windows 7, C++, VS2008 I have a COM DLL that needs to be registered using "runas administrator" (it is a legacy app that writes to the registry) The DLL is used by a reports app which instantiates it using CoCreateInstance. This failed unless I also ran the reports app as administrator; until I changed the linker setting from /MANIFESTUAC to /MANIFESTUAC:NO
Can anyone tell me why this works? Does it mean that I can write apps that bypass the UAC using this setting?
If your installer/registerer app has a manifest, and it says "don't run elevated", when you try to write to HKLM it fails. If you have a manifest and it says "run elevated", when you try to write to HKLM it succeeds. If you have no manifest (which you request with /MANIFESTUAC:NO), when you try to write to HKLM it writes to a virtualized location instead.
When you run the reports app, a similar triple applies although it it can read HKLM. Therefore if the reports app has a manifest, whether elevated or not, it reads HKLM. Without a manifest it reads the virtualized location. This is why you have success when both apps have a manifest or don't have a manifest.
It would probably be preferably to have your installer app with a manifest that requests elevation, and your reports app have a manifest that does not request elevation. That way all your apps are telling the truth and everything works. Plus you know why it's happening.