tags:

views:

374

answers:

7
Q: 

How do I get past Windows Vista security?

Is there a way to get my .exe file to execute with administrator rights instead of me killing the LUA at registry or right click file and running as administrator?

When I alter the registry it prompts the user which I don't want. I am only adding the file to kill the LUA to give the user full rights to execute my .exe file.

If I can just get it to execute as administrator it would save me editing the registry. I can't find the source code for the application. It is coded in Delphi so it is a problem to add anything and the .reg file needs to be run with the .exe files on Windows Vista.

How can this issue be resolved?

+6  A: 

You can't. If you could do it, any exe could to it and that would defeat the purpose of the UAC (assuming arguendo you believe there is a purpose for UAC). You can manifest your exe to require administrator privileges, but that will not stop the user prompt.

JP Alioto  2009-07-08 22:23:17
A: 

I'm not able to test this since I've only got XP with me at the moment...

Try creating a batch file with the runas command in it.

Note that the password will still need to be entered but it may save a couple steps.

steamer25  2009-07-08 22:24:40
A: 

If you just want to avoid the right-click and run as admin you can rename the exe to something like xyzSetup.exe.

There is (hopefully) no way that you can bypass the prompt, otherwise anyone can do it.

sgmoore  2009-07-08 22:30:09
there is always a way its just a case of finding it, nothing is impossible.
 2009-07-09 00:02:01
How does name of the file affects need of the right-click? Does Windows run *Setup* files somehow different?
Petr Peller  2010-02-16 09:31:49
For compatibility with lots of existing setup and installation programs, windows guesses that a program whose names contains words such as setup, install or update will probably do things that require admin rights and hence automatically runs the program as admin.
sgmoore  2010-02-16 15:42:35
+3  A: 

There are two proper ways to do this:

  1. As already noted mark your exe as requiring elevated privilleges - the user will be prompted when starting your program, administrator privilleges and user confirmation are required.

  2. Create a service running as LocalSystem that is allowed to do anything without prompting the user. In this case you have to implement interprocess communication mechanism for the service to communicate with user UI program, which may not be trivial. For this scenario your program has to be installed by administrator, but after that may be used by anyone - this is common for corporate scenarios.

Generally speaking Vista compatibility may not be easy to achieve and depending on your software may require a lot of work.

devdimi  2009-07-08 22:33:52
A: 

If you are just trying to avoid repeated prompts and don't mind being asked for the password or permission once, you could use runas with the /savecred option.

sgmoore  2009-07-08 23:19:36
A: 

As I wrote in another question ( http://stackoverflow.com/questions/852867/disable-vista-uac-per-application-or-elevate-privileges-without-prompt/852895#852895 )

Generally this problem solved by installing a Windows Service which runs as SYSTEM or an admin account. Then your application can request the privileged action from this service.

Obviously to not pose a security threat ensure that your service can't run arbitrary code or something which might leave the all users vulnerable to privilege escalation attacks.

Winpcap and most of the other sniffing applications use a similar design to give sniffing access to unprivileged users.

Install your service during the first run (or in the installer, which will require UAC prompt).

dr. evil  2009-07-08 23:25:24
A: 

Generally this problem is solved by installing a Windows service which runs as SYSTEM or an administrator account. Then your application can request the privileged action from this service.

Obviously to not pose a security threat ensure that your service can't run arbitrary code or something which might leave the all users vulnerable to privilege escalation attacks.

WinPcap and most of the other sniffing applications use a similar design to give sniffing access to unprivileged users.

Install your service during the first run (or in the installer, which will require an UAC prompt).

I will have to read up on this but I don't have access to my source so this would be a problem.

 2009-07-08 23:34:35

related questions

Shut-down script on Windows to delete a registry key?
Looking for C# registry class
VB6 error : Error accessing the system registry
How to get runonce to run, without having to have an adminstrator login.
Adding a guideline to the editor in Visual Studio
How do you clear your MRU list in Visual Studio?
Windows wallpaper: not just BMPs?
Folder with Extension
read/write to Windows Registry using Java
Is there a Windows Registry "dictionary" that explains the whole (or most of) the Windows Registry?
Registry key that contains the folder for the local user's Programs folder on Vista
Save registry values in WinCE using a C# app
What registry access can you get without Administrator privleges?
Does having a registry full of old stuff slow down Windows?
How to print css applied background images with the winforms webbrowser control
Cannot create an environment variable in the registry
programmatically merge .reg file into win32 registry
How to read a value from the Windows registry
(IIS/Win2000Pro) Granting Registry read rights to IIS user?
Windows: List and Launch applications associated with an extension
Best Way To Determine If .NET 3.5 Is Installed
How to register COM from VS Setup project?
Registry vs. INI file for storing user configurable application settings
Is this a good way to determine OS Architecture?
Visual Studio Setup Project - Per User Registry Settings