Application will not behave under UAC even though it requires no privileges

uac

We have been having serious trouble getting an application we devlop running with UAC enabled for long.

Once installed (the installer fails almost immediately with UAC) it appears that UAC can be turned on and have the application work. However, after a while, it will stop working with strange errors about cannot find a file that it just created.

Just to get this straight:

XP as admin:          Fine  
XP as limited user:   Fine
Vista no UAC admin:   Fine
Vista no UAC limited: Fine
Vista UAC admin:      FAIL
Vista UAC limited:    FAIL

The software contains no privilege checks anywhere. If I understand the documentation correctly, anything working as a limited user should work with UAC; however this is proving not to be the case.

EDIT: I must apologize for asking a problem much harder than it originally appeared. We have in fact found at least one bug in folder virtualization and think there are more out there. At this point, the only reasonable hope to get it running is to find an API call that can be executed as a limited user that disables folder virtualization for the calling process and any process it spawns (recursively). The reason we cannot just add a manifest is that the software calls into third-party software that actaully can vary per machine.

Best Answer

Look up virtualization of the filesystem and registry on Windows Vista. If your app uses certain parts of the filesystem and/or registry you will find that your app "works" - that is, the APIs succeed with no errors - but that data isn't stored where you expect. In particular, many areas that would have been shared between multiple users on one machine are now out-of-bounds, and the data actually goes into some storage that is specific to the current user. You'll only find out some time later that users aren't actually sharing the same data.

There is a way to stop this Virtualization from happening. Provide a manifest file for your application to say that it knows about UAC, as described here... http://msdn.microsoft.com/en-us/library/bb756929.aspx.

It doesn't matter specifically what level of privilege you ask for in the manifest file. The mere presence of it says that your app understands UAC and the OS won't try to be clever and virtualize access to "privileged" areas of the filesystem or registry. API calls will simply fail if you don't have the necessary privilege to access those things, and that will be a lot easier for you to debug.

Related Solutions

Python – Request UAC elevation from within a Python script

As of 2017, an easy method to achieve this is the following:

import ctypes, sys

def is_admin():
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except:
        return False

if is_admin():
    # Code of your program here
else:
    # Re-run the program with admin rights
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)

If you are using Python 2.x, then you should replace the last line for:

ctypes.windll.shell32.ShellExecuteW(None, u"runas", unicode(sys.executable), unicode(" ".join(sys.argv)), None, 1)

Also note that if you converted you python script into an executable file (using tools like py2exe, cx_freeze, pyinstaller) then you should use sys.argv[1:] instead of sys.argv in the fourth parameter.

Some of the advantages here are:

No external libraries required. It only uses ctypes and sys from standard library.
Works on both Python 2 and Python 3.
There is no need to modify the file resources nor creating a manifest file.
If you don't add code below if/else statement, the code won't ever be executed twice.
You can get the return value of the API call in the last line and take an action if it fails (code <= 32). Check possible return values here.
You can change the display method of the spawned process modifying the sixth parameter.

Documentation for the underlying ShellExecute call is here.

C# – How to elevate privileges only when required

I don't believe that it is possible to elevate the currently running process. It is built into Windows Vista that administrator privileges are given to a process upon startup, as I understand. If you look at various programs that utilise UAC, you should see that they actually launch a separate process each time an administrative action needs to be performed (Task Manager is one, Paint.NET is another, the latter being a .NET application in fact).

The typical solution to this problem is to specify command line arguments when launching an elevated process (abatishchev's suggestion is one way to do this), so that the launched process knows only to display a certain dialog box, and then quit after this action has been completed. Thus it should hardly be noticeable to the user that a new process has been launched and then exited, and would rather appear as if a new dialog box within the same app has been opened (especially if you some hackery to make the main window of the elevated process a child of the parent process). If you don't need UI for the elevated access, even better.

For a full discussion of UAC on Vista, I recommend you see this very through article on the subject (code examples are in C++, but I suspect you'll need to use the WinAPI and P/Invoke to do most of the things in C# anyway). Hopefully you now at least see the right approach to take, though designing a UAC compliant program is far from trivial...

Best Answer

Related Solutions

Python – Request UAC elevation from within a Python script

C# – How to elevate privileges only when required

Related Topic