UAC dialog box

A long winded question.

In Windows XP and 2000, one can write an application that performs a
ShellExecute with the "runas" verb to launch the Run As dialog box. I
have extended this to then automate the dialog by clicking the run as
another use radio button, filling in the user name and the password,
etc. as dictated by command line options.

In Vista, the Run As dialog looks completely different and I suspect MS
has secured the dialog so that it cannot be automated via SendMessage
calls (let alone that it doesn't look like a traditional dialog). Does
anyone know if this is true, or can the Vista RunAs dialog be automated
as in XP and W2K ?

The reason I ask is that I would like to control the which user is
selected instead of having to click down the list in the Vista dialog...

Toad

--

Sorry, you can't do that. The dialog is on the secure desktop and you cannot
send Window Messages to it from a user mode application. It is actually there
specifically to prevent user mode applications from sending Window Messages
to it. The ability to send those messages to a sensitive application is known
as a "Shatter Attack" and was the cause of many security bulletins and
updates in the Windows XP era.

If you had a service on the secure desktop already you might be able to
control it. I haven't actually tried that. That would not be a vulnerability
because you already have trusted code on the box in that case.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Toad" wrote:

Quote:

>
> A long winded question.
>
> In Windows XP and 2000, one can write an application that performs a
> ShellExecute with the "runas" verb to launch the Run As dialog box. I
> have extended this to then automate the dialog by clicking the run as
> another use radio button, filling in the user name and the password,
> etc. as dictated by command line options.
>
> In Vista, the Run As dialog looks completely different and I suspect MS
> has secured the dialog so that it cannot be automated via SendMessage
> calls (let alone that it doesn't look like a traditional dialog). Does
> anyone know if this is true, or can the Vista RunAs dialog be automated
> as in XP and W2K ?
>
> The reason I ask is that I would like to control the which user is
> selected instead of having to click down the list in the Vista dialog...
>
> Toad
>
> --
>
>

With Vista you need to use a manifest to either tell Vista to run as invoker,
highestavailable or AsAdministrator.

Preferably an embedded manifest at that, here's a sample:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>

Here's some links:
Understanding and Configuring User Account Control in Windows Vista
http://technet2.microsoft.com/Window....mspx?mfr=true

The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements
for User Account Control (UAC)
http://msdn2.microsoft.com/en-us/lib...#wvduac_topic6

--

Steve Easton


"Toad" <toad@sky.net> wrote in message news:5OSmj.81543$L%6.19300@bignews3.bellsouth.net. ..

Quote:

>
> A long winded question.
>
> In Windows XP and 2000, one can write an application that performs a
> ShellExecute with the "runas" verb to launch the Run As dialog box. I
> have extended this to then automate the dialog by clicking the run as
> another use radio button, filling in the user name and the password,
> etc. as dictated by command line options.
>
> In Vista, the Run As dialog looks completely different and I suspect MS
> has secured the dialog so that it cannot be automated via SendMessage
> calls (let alone that it doesn't look like a traditional dialog). Does
> anyone know if this is true, or can the Vista RunAs dialog be automated
> as in XP and W2K ?
>
> The reason I ask is that I would like to control the which user is
> selected instead of having to click down the list in the Vista dialog...
>
> Toad
>
> --
>