R – Vista: Can an EXE bypass user confirmation while invoking another EXE

createprocessdelphiuacwindows-vista

I have 2 applications written in Delphi. The first exe (with a user interface) calls another using ShellExecuteEx(), which runs as a background process.

When the first exe invokes the second, one of these two things happen:

  1. When I log in as an admin, a UAC dialog comes up with the Allow/Cancel prompts. Selecting Allow continues the execution.

  2. If I log in as non-admin, an admin credentials dialog box is displayed, and I need to enter the admin username/password to continue.

On both occasions, I want the second exe to run without any user intervention. How can I make it possible?

And yes, I tried applying the ElevateCreateProcess mitigation as suggested by SUA tool, but it doesn't seem to work – the behaviour is as before.

Thanks for your help.

Best Answer

The first EXE needs to be launched with elevated privileges to invoke the second without a UAC prompt. Or...you can use a manifest for the second EXE telling Vista that it's not an admin tool and to just run as the current user.

Saved as Second.exe.manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<!-- Vista UAC Support -->
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
  <ms_asmv2:security>
    <ms_asmv2:requestedPrivileges>
      <ms_asmv2:requestedExecutionLevel level="asInvoker" />
    </ms_asmv2:requestedPrivileges>
  </ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
Related Topic