UACLauncher - launch adminprogs at startup without messages from UAC



Well, this program (combo) enables you to keep UAC on (not quiet mode, COMPLETELY ON), and still be able to launch programs that require administrator access on startup without UAC prompts :D

It uses a program from ASUS SmartDoctor (ASDR.exe) that launches the program that I made with administrator access (without any UAC prompts)

Then, my program launches the program the user specified in the "Start.txt" :)

I don't know how ASDR works, it just does, would be fun to know....

I modified it a little using a HEX editor to read a different registry value than its original one, new one being:

HKLM\Software\UACLauncher\Path

How the other stuff works:

1. Start my prog

2. Two programs are extracted in the same folder, ASDR.exe and instsrv.exe (from Microsoft, installs ASDR as a service, name UACLauncher)

3.1 Choose to install: ASDR is installed as a service

3.2 Choose to uninstall: ASDR service is uninstalled

4. See Start.txt for info

Click to download

But it's a very vulnerable attack vector for privilege escalation, which is why Vista comes with nothing to allow this.
Scheduled tasks allows the administrator to set up jobs to start, at logon, with administrative credentials - but this is really quite similar, in that services are doing the launching, and also requires administrative creds to set up.

I've used this on my machine to get SpeedFan and BOINC, two programs that require administrative privileges to run properly (no "the programs are defective, get new ones" nonsense, ok?) at logon.

Scheduled tasks allows the administrator to set up jobs to start, at logon, with administrative credentials - but this is really quite similar, in that services are doing the launching, and also requires administrative creds to set up.

I've used this on my machine to get SpeedFan and BOINC, two programs that require administrative privileges to run properly (no "the programs are defective, get new ones" nonsense, ok?) at logon.

Scheduling those tasks requires the Admin password to be entered. If at any point, something executing has your password, security is already shot to hell.

This will never be a target for exploitation, because it's just a little tool that probably won't be widely enough used to gain attention.

I was just explaining why Vista didn't come with anything to do this out of the box: Because it would be a very widely exploited feature.

Edited by MioTheGreat
Well, this program (combo) enables you to keep UAC on (not quiet mode, COMPLETELY ON), and still be able to launch programs that require administrator access on startup without UAC prompts :D

Sweet! I just installed this so I can get Speedfan to start up by itself when I need to reboot. Very nice!!! Yes, yes, I realize that this creates a small security bypass vector. But the risk is damn small.

Thanks again!

Gary

P.S. When you said "ASDR is installed as a service" I looked for ASDR in the list of services but could not find it. I did find UACLauncher though! You might want to edit your first message to reflect that.

Edited by scuderiaconchiglia
  • 4 months later...
So all a hacker has to do is add their program name to start.txt... ?

Well, it's not quite that simple since you can easily store start.txt in a location that requires admin privileges to access.

It's more worrisome that if you put an executable on that list that isn't in a protected location, somebody could replace that executable (or a library that it loads) with a malicious binary.
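
A defensive check for the risk raised in the post above, as an added example that is not part of the thread or of UACLauncher: it lists launch targets, and the folders holding them, that a non-administrator could modify. The install folder is a placeholder and the one-path-per-line layout of Start.txt is an assumption, since the thread does not document the file's format.

```powershell
# Added example (not the tool's code): find launch targets a non-admin could modify.
$Trusted = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Rights that allow replacing a file or planting a library in its folder.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericMask = 0x50000000   # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000)

function Get-WeakAce {
    param([Parameter(Mandatory)][string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing target can be created by whoever can write to its parent folder.
            [pscustomobject]@{ Path = $p; Identity = $null; Rights = 'MISSING' }
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this object itself.
            if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            $bits = [int]$ace.FileSystemRights
            if (($bits -band $WriteMask) -or ($bits -band $GenericMask)) {
                [pscustomobject]@{ Path = $p; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
            }
        }
    }
}

# Assumptions: placeholder install folder; Start.txt holds one executable path per line.
$startTxt = 'C:\Tools\UACLauncher\Start.txt'
if (Test-Path -LiteralPath $startTxt) {
    $targets = @(Get-Content -LiteralPath $startTxt | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    # Check the list itself, each listed program, and each program's folder.
    $check = @($startTxt) + $targets + @($targets | ForEach-Object { Split-Path -Parent $_ })
    Get-WeakAce -Path ($check | Select-Object -Unique) | Format-Table -AutoSize
}
```

Any row naming a SID other than an administrative one means the listed file or folder can be changed without elevation and will then run elevated at the next startup.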

I find it amusing that you actually think UAC is protecting your computer.

UAC is by far one of the worst security ideas Microsoft has implemented, imo.

The only thing UAC doesn't do well is protecting the user from his/her own stupidity. Otherwise, it's pretty okay. If you think it's invasive, you should see how Linux does it (hint: in the same way).

Scheduled tasks allows the administrator to set up jobs to start, at logon, with administrative credentials - but this is really quite similar, in that services are doing the launching, and also requires administrative creds to set up.

I've used this on my machine to get SpeedFan and BOINC, two programs that require administrative privileges to run properly (no "the programs are defective, get new ones" nonsense, ok?) at logon.

Scheduled Tasks is one way I got RivaTuner to boot without a UAC prompt. View instructions here. In the current version of RivaTuner it normally spawns a process that prompts the user for elevation.

It's quite unfortunate the ones who make the best hardware monitoring and control tools do it for free and have little to shell out to have their drivers signed.
