Force program to run as user with UAC-virtualization


Recommended Posts

Is it possible to force an exe-file to start with User-privileges so everything it tries to do goes into the UAC-Virtualization?

Right now it prompts me for permissions before i can even start it and if i click no it will just quit.

I've created a standard user account, added exe to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\ExcludedExtensionsAdd and disabled Detect application installations and prompt for elevation in gpedit but it still keeps prompting me when i try to start it.

you can open the exe with an resource hacker tool and remove the requestedExecutionLevel Tag from the Manifest. Vista only uses the UAC-virtualization when the manifest is not included or doesn't contain the requestedExecutionLevel Tag.

Thanks for the tip, i downloaded a resource hacker and removed the requestedExecutionLevel from the manifest and the program started without uac-prompt. :)

But the installer had some kind of built in integrity-check so it detected that i had modified the file and shut down itself :(

Is there any way to make UAC ignore the requestedExecutionLevel without modifying the file you want to run?

Actually I'd like to run all programs in virtualization. Many programs(especially installers) ask for elevation even if they don't actually need it. Often they ask in advance only to get permissions to %ProgramFiles% even if i choose to install in another folder later.

I see no reason why an installer should have full access to my computer only to copy itself into a folder.

I've maybe misunderstood how uac-virtualization works but if programs can't touch system-files or other programs, won't it be like a complete sandbox?

EDIT: The program i was referring to above was World of Goo demo. But as i said, i want to virtualize as much as possible, it was just the first program i tried to install after i found out about this feature.

Edited by blehbleh
  • 1 year later...

Hi Blehbleh,

Eventually it IS possible to automatically activate UAC virtualization for any given program, no matter if it has UAC info in its manifest. I was looking for some other information about this and came on this old thread, but since I came here, I guess others may too so I will post how to do here.

So, the simplest method (and the one I use) is certainly to use the registry-based UAC shim. Let's suppose you want the command prompt to always start UAC-virtualized. You will have to add values to one of the following registry keys, the first one being system-wide, the second one per user only :

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags


Then you have to create the following value : C:\Windows\System32\cmd.exe
Type : REG_SZ (i.e. a string value)
Data : RUNASINVOKER

In case this value already exists and is not empty, just append " RUNASINVOKER" at the end of the data (without the quotes, but don't forget the space).

This seems to make UAC consider that the program doesn't have UAC information into its manifest, hence start with UAC virtualization enabled. That can come useful with programs having a manifest with UAC info, but still poorly designed... and don't tell me that doesn't exist...

Here's some more detailed info about setting UAC options.

HTH smile.gif

No need for a complete sandbox here, I think the creator of this topic only wanted UACV to work with a poorly designed app, as it is supposed to work, even when this app says (and lies) "it's OK, I'm UAC-aware, no need to use that with me".

Moreover, I'm not sure a complete sandbox would do the same job i.e. accepting and sandboxing file and registry write failures. Would it not deny access, since "true writes" would fail ? Eventually I don't know, I didn't use any sandboxing tool yet.

  • 4 years later...

Whoops, sorry ! I just came back to this old thread and noticed an error in my post. The registry keys I mentioned are not the correct ones, one should modify those instead :

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

 

I sincerely apologise to all people who lost time because of my mistake.

 

If only I could edit my post I would, but I see no edit option. Maybe because it's too old...

  On 18/09/2014 at 01:11, NovHak said:

Whoops, sorry ! I just came back to this old thread and noticed an error in my post. The registry keys I mentioned are not the correct ones, one should modify those instead :

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

 

I sincerely apologise to all people who lost time because of my mistake.

 

If only I could edit my post I would, but I see no edit option. Maybe because it's too old...

 

I modified the previous post with the updated keys. Yeah, the thread is pretty old, but this information is useful for old programs...or new ones under devs who still insist that users should turn off UAC. :P

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Calibre 8.5 by Razvan Serea  Calibre is an open source e-book library management application that enables you to manage your e-book collection, convert e-books between different formats, synchronize with popular e-book reader devices, and read your e-books with the included viewer. It acts as an e-library and also allows for format conversion, news feeds to e-book conversion, as well as e-book reader sync features and an integrated e-book viewer. Calibre's features include: library management; format conversion (all major ebook formats); syncing to e-book reader devices; fetching news from the Web and converting it into ebook form; viewing many different e-book formats, giving you access to your book collection over the internet using just a browser. Calibre 8.5 changelog: New features The scrollbars used in calibre in light mode are now the same style as the ones in dark mode, this improves the contrast making the scrollbar more accessible Kobo driver: add an option to change the how the Kobo displays series numbers using a template. Manage data files dialog: Add a button to cancel remaining books when managing multiple books Kobo driver: add support for new Tolino firmware Bug fixes Prevent Windows 11 from starting a conhost.exe process for every calibre worker process E-book viewer: Improve highlight grouping with recurring chapter names When sending emails to amazon and pocketbook use random English text instead of UUIDs for subject/body. Improved news sources NYTimes WSJ Financial Times Eenadu Fokus.se Business standard Go comics NZ Herald TLS Magazine Download: Calibre 8.5 | Portable | ~200.0 MB (Open Source) Download: Calibre for MacOS | 316.0 MB Download: Calibre for Linux View: Calibre Home Page | Calibre Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Or, it is Apple simply overinflated the screens.
    • Is it that easy though? WhatsApp is the default way the majority message in a lot of countries these days. I would prefer Signal to be as popular as WhatsApp and probably could get a few people to use it, most people are probably going to stick with WhatsApp sadly. Which leaves SMS or Facebook Messenger as alternatives a lot of people also have. (Here anyway, I know iMessage, LINE and WeChat dominate in certain parts of the world). It annoying Meta purchased WhatsApp all those years ago.
    • Do they tell Google not to scrape their content via something like robots.txt? Do they specify anywhere that certain agents aren't to scrape? If not, tough. Plus there's no obligation on anyone's part to adhere to any directives that might be in this file anyway...
    • DMDE 4.3.5.823 Beta by Razvan Serea DMDE is a software designed to effectively recover lost data. It retrieves files and folders swiftly and stores them in the user-defined location. It is an easy to use yet powerful tool that will assist both novice and experienced users in getting back lost files in just a few simple steps. Free Edition includes all basic features but a single recovery operation recovers up to 4000 files in the current panel only (you should first open a subdirectory in the current panel and then recover files in the panel). In paid licenses there is no this restriction, and recovery of nested directories is allowed. Can paid versions recover more files than the free version of DMDE? If a file cannot be recovered in the DMDE Free Edition (or it is damaged after recovery) the same will occur in the paid versions. DMDE paid versions are capable of recovering the same files. The only difference is that paid versions can recover all found files in one go, as well as restore the directory structure presented in the free version. Professional Edition provides additional features: rights to provide data recovery services portable use on different computers one-time activation on client computers (including remote use) data recovery reports (include logs and file checksums) read support for E01 disk image files using logs when copying a disk (resume copying, multiple passes) customizable I/O handler script recovery of NTFS alternate data streams DMA access in DOS (for ATA interface) DMDE key features: Portable run without installation Support for NTFS, FAT12/16, FAT32, exFAT, ReFS, Ext2/Ext3/Ext4, btrfs, HFS+/HFSX, APFS Thorough FS and Raw scan, FS reconstruction for data recovery in complex cases Simple partition manager for express search, diagnostics, and restoration of partitions Disk cloning and disk image creating, including I/O error handling, reverse copying, and other features RAID constructor for virtual RAID reconstruction supporting levels RAID-0, RAID-1, RAID-4, RAID-5, RAID-6, delayed parity, custom striping, JBOD/spanned disks; automatic calculation of RAID configurations Cluster map to investigate file allocation Disk editor compatible with the most recent Windows versions which allows viewing, editing, and navigating through different disk structures using built-in and custom templates NTFS tools to work bypassing NTFS driver (copy, delete file, create, repair directory) Support for various device I/O interfaces and settings to work with damaged devices, disk images, NTFS compression and encryption, national names, large disks, large files, large sectors, and other features DMDE 4.3.5.823 Beta changelog: Expanded built-in signatures for RAW search functionality Added file list export to HTML format (DMDE Professional Edition only, view sample) Improved handling of I/O errors with selective skipping by error code Enabled preview support for additional image (graphic) file types (Windows only) Improved extfs reconstruction when copies of superblocks with group descriptors are found Fixed potential hang during Btrfs volume reconstruction Resolved issue with cluster list creation when subfolders are present Other improvements and fixes Download: DMDE 64-bit | 2.4 MB (Free, paid upgrade available) Download: DMDE 32-bit | 2.0 MB Link: DMDE Home Page | DMDE Manual | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Week One Done
      Crunchy6 earned a badge
      Week One Done
    • One Month Later
      KynanSEIT earned a badge
      One Month Later
    • One Month Later
      gowtham07 earned a badge
      One Month Later
    • Collaborator
      lethalman went up a rank
      Collaborator
    • Week One Done
      Wayne Robinson earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      676
    2. 2
      ATLien_0
      276
    3. 3
      Michael Scrip
      221
    4. 4
      +FloatingFatMan
      169
    5. 5
      Steven P.
      162
  • Tell a friend

    Love Neowin? Tell a friend!