Real Geek Forums > Archives > Operating Systems > Windows Vista > Windows Vista Security > What causes UAC prompts - is there a list?

What causes UAC prompts - is there a list?

Posted: 11-04-2006, 01:07 PM
Harpo
Guest
Posts: n/a
 
Hi,

well I googled a lot and still can't find a list of things that will bring
an UAC prompt if a program attempts to do them.
I only found some recommendations , like "don't write to HKLM" , but indeed
these don't cover everything.

Is there a clear list of what does and what does not bring an UAC prompt?

For example, is it possible any sort of 'Read' operation to trigger it
(reading whatever registry settings, files that belong to another user
etc. )

Can a program only write to
C:\Documents and Settings\<username>\ and HKCU ?

Thanks



Reply With Quote

Responses to "What causes UAC prompts - is there a list?"

Jimmy Brush
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-04-2006, 01:27 PM
Hello,

Any program that needs to perform an action that requires administrator
privileges must throw a UAC prompt. So, with few exceptions, if a program
attempts to do anything that your user account DOES explicitly has
authorization to do, the program will be successful.

However, if the program attempts to do something that you are not explicitly
permitted to do, but "administrators" are, the program must prompt you via
UAC in order to be able to do that something.

Also note that the UAC prompt is not "automatic" - a program must explicitly
throw a UAC prompt. If a program is not designed to do that, it will either
fail with an "access denied" error or Windows will silently trick it into
thinking it is working.

The general rule, as you have ascertained, is that most everything can be
read by programs, but anything that affects the entire system requires admin
privileges (such as HKLM and most folders outside of the user profile). But,
as I explained, the specifics are based on permissions.

It may be easier to think of it this way: All programs run as a "standard
user" and are limited as such; Only through UAC does a program run as an
administrator.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Reply With Quote
Harpo
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-04-2006, 11:10 PM
Thanks,

I sort of know all this.
I would prefer to check my apps against a list instead of guessing and later
receiving support requests.
As you say "most everything can be read by programs" , I'm interested in the
exclusions , if any - an attempt to read what will trigger an UAC prompt?
There should be a list somewhere, if not officially posted by Microsoft then
at least compiled by users with experience.

I have tried with application verifier but it creates a huge and mostly
useless log


Reply With Quote
Kerry Brown
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-04-2006, 11:48 PM
Harpo wrote:
> Thanks,
>
> I sort of know all this.
> I would prefer to check my apps against a list instead of guessing
> and later receiving support requests.
> As you say "most everything can be read by programs" , I'm interested
> in the exclusions , if any - an attempt to read what will trigger an
> UAC prompt? There should be a list somewhere, if not officially
> posted by Microsoft then at least compiled by users with experience.
>
> I have tried with application verifier but it creates a huge and
> mostly useless log
http://search.microsoft.com/results....n-US&FORM=QBMA

Your answer should be in there somewhere.

--
Kerry
MS-MVP Windows - Shell/User
http://www.vistahelp.ca/phpBB2/



Reply With Quote
Jimmy Brush
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-05-2006, 08:56 AM
> As you say "most everything can be read by programs" , I'm interested in
> the exclusions , if any - an attempt to read what will trigger an UAC
> prompt?
NOTHING your application does will trigger a UAC prompt. As I stated
earlier, UAC is NOT automatic. Your application runs as if it were started
by a standard user, even if the user is logged in as an administrator. If
your application tries to access something that the user does not have
access to (ignoring the user's membership in the administrators group), one
of two things may happen:

1) (most likely) Your application will be denied access.

2) Virtualization may kick in. This will happen if your application is
32-bit and does not have a Vista-style manifest. In this scenario, if your
application tries to WRITE to HKLM or certain system folders, Windows will
make your program think it is writing to these locations, when in fact
Windows is silently making a copy of the saved data into the user's profile
directory and leaving the data in the original location unmodified.

You seem to be making UAC into something more than it is.

UAC is simply the means by which programs run with administrator
permissions. In Windows Vista, programs can either run with "standard user"
permissions (default, even if the user is an administrator) or run with
"administrator" permissions.

A program either runs with standard OR administrator permissions. Once a
program is started, its permission level does not change. When running with
standard permissions, the program cannot use "administrator" permission.

In order for a program to run with administrator permissions, the program
must include a Vista-style manifest that tells Windows that it requires
admin permissions. Windows will then throw a UAC prompt that asks the user
for permission.

UAC is the means by which programs receive admin permission; there is no way
for a program to run with admin permissions without the user being prompted
in this manner. UAC is NOT automatic; the program must tell Windows that it
needs admin permissions for the user to be prompted through a manifest.

Please read this document thoroughly:

http://msdn.microsoft.com/windowsvis...cProtVista.asp



--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Reply With Quote
Vipin
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-07-2006, 02:56 PM
There are 3 ways to mark an application to run with admin rights. I posted
the mechanisms in response to
"UAC and scripts(.wsf)" post.

--
Vipin Aravind
http://blogs.explorewindows.com

"Jimmy Brush" <JimmyBrush@discussions.microsoft.com> wrote in message
news:0B438159-6989-4CC8-ACC0-2CB5BB0E3440@microsoft.com...
>> As you say "most everything can be read by programs" , I'm interested in
>> the exclusions , if any - an attempt to read what will trigger an UAC
>> prompt?
>
> NOTHING your application does will trigger a UAC prompt. As I stated
> earlier, UAC is NOT automatic. Your application runs as if it were started
> by a standard user, even if the user is logged in as an administrator. If
> your application tries to access something that the user does not have
> access to (ignoring the user's membership in the administrators group),
> one of two things may happen:
>
> 1) (most likely) Your application will be denied access.
>
> 2) Virtualization may kick in. This will happen if your application is
> 32-bit and does not have a Vista-style manifest. In this scenario, if your
> application tries to WRITE to HKLM or certain system folders, Windows will
> make your program think it is writing to these locations, when in fact
> Windows is silently making a copy of the saved data into the user's
> profile directory and leaving the data in the original location
> unmodified.
>
> You seem to be making UAC into something more than it is.
>
> UAC is simply the means by which programs run with administrator
> permissions. In Windows Vista, programs can either run with "standard
> user" permissions (default, even if the user is an administrator) or run
> with "administrator" permissions.
>
> A program either runs with standard OR administrator permissions. Once a
> program is started, its permission level does not change. When running
> with standard permissions, the program cannot use "administrator"
> permission.
>
> In order for a program to run with administrator permissions, the program
> must include a Vista-style manifest that tells Windows that it requires
> admin permissions. Windows will then throw a UAC prompt that asks the user
> for permission.
>
> UAC is the means by which programs receive admin permission; there is no
> way for a program to run with admin permissions without the user being
> prompted in this manner. UAC is NOT automatic; the program must tell
> Windows that it needs admin permissions for the user to be prompted
> through a manifest.
>
> Please read this document thoroughly:
>
> http://msdn.microsoft.com/windowsvis...cProtVista.asp
>
>
>
> --
> - JB
>
> Windows Vista Support Faq
> http://www.jimmah.com/vista/

Reply With Quote
Jimmy Brush
Guest
Posts: n/a
 
Re: What causes UAC prompts - is there a list?
Posted: 11-08-2006, 01:59 PM
You are correct; however, from the perspective of an application developer,
the correct way is to use a manifest.

--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

Reply With Quote
 
LinkBack Thread Tools Display Modes
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Prompts, prompts, and more prompts...jeez alex Windows Vista Administration 115 04-14-2008 07:28 PM
Running as an Admin with prompts vs Standard? Grant Windows Vista Administration 2 07-16-2006 10:22 PM
No websymbols despite _NT_SYMBOL_PROXY and !sym prompts Arne Ludwig Windows XP Device Drivers 1 06-15-2004 02:02 PM
preventing prompts when cd disk is inserted sig Customize Windows XP 1 08-08-2003 06:36 PM
command prompts Sid Windows XP Basics 0 07-20-2003 05:22 PM