Application works under regular user but fails with UAC errors when run by administrator ?
-
Friday, November 16, 2012 7:03 PM
Hi everyone,
I am deploying on a customer's machine, running Win7x64 Pro - via MSI - a platform composed of two elements, a main application (32 bit) and an out of process DCOM server (32 bit) that serves as an authentication demon. I run the MSI with UAC off, as an admin (it installs fine with UAC full on and as a regular user too, but I want to get that out of the way)...
The DCOM server application is a legacy WinXP 32 app. It's UAC manifesto, added when recompiled under VS2010, says "RunAsInvoker".
The DCOM server application is configured to allow Everyone LocalLaunch, LocalActivation and Local Access.
When a regular user starts my main application, it correctly - via CoCreateInstance - spawns the OOP DCOM exe and everything works.
When an admin user starts my main application the app fails CoCreateInstance with COM error : 800702E4 (The Requested Operation Requires Elevation) and the following gets logged in the UAC system log:
Log Name: Microsoft-Windows-UAC/Operational
Source: Microsoft-Windows-UAC
Date: 11/13/2012 12:49:10 PM
Event ID: 1
Task Category: (1)
Level: Error
Keywords:
User: VM-BLABLA-W7-1\MyAdminUser
Description:
The process failed to handle ERROR_ELEVATION_REQUIRED during the creation of a child process.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-UAC" Guid="{E7558269-3FA5-46ED-9F4D-3C6E282DDE55}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords> </System>
<EventData>
</EventData>
</Event>
Does this make sense to anyone, that a lesser account would be able to run things and an admin would not? Why is UAC acting up at all????
Thanks,
Dan
All Replies
-
Monday, November 19, 2012 6:19 AMModerator
Hi,
According to your description, I suggest to temporary disable UAC to see if the same issue occurs.
Furthermore, you can try to set the app to “Run this program as an administrator” for test.
right click the app -> Properties -> Compatibility page, check the “Run this program as an administrator” checkbox
Hope that helps.
Leo Huang
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Leo Huang
TechNet Community Support
-
Monday, November 19, 2012 6:59 PM
Thanks for your prompt answer, by the way.
If you could point me to any documentation regarding on how the
credentials of the user doing the install and the UAC level affect the
way an MSI installs and registers an out-of-process COM server and how
does that impact the capabilities of the COM object to be instantiated
later on during normal run processes, that would be very welcome.Thanks,
Dan
-
Monday, November 19, 2012 7:02 PM
When logged in as an administrtor, I also have to run the main app as an administrator to get it to work( to get it to be able to instantiate the COM object), UAC on or off.
With UAC on or off, whether I get it to work or not (run as admin or not), the above log entry is being logged.
-
Tuesday, November 20, 2012 3:29 AMModerator
Hi,
I this this is the purpose of UAC, it strips admin privileges from normally-launched processes.
This encourages you to not use dangerous admin powers where you don't need to.You may try to modify the UAC on Local Security Policy for test:
1 Login with Administrator
2 Type in secpol.msc into the Start menu search box and hit enter
3 browse down to Local Policies \ Security Options\ User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” and double-click on it.
4 Change the setting to “Elevate without prompting”.
Hope it helps.
Regards,
Leo Huang
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Leo Huang
TechNet Community Support
-
Friday, November 23, 2012 7:44 AMModerator
Hi,
How’s everything going? Please feel free to give me any update.
Thank you for your cooperation.
Leo Huang
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Leo Huang
TechNet Community Support
-
Monday, November 26, 2012 3:21 PMI'll be getting my users to try today (hollidays, e.t.c.). Thanks.
-
Friday, December 07, 2012 9:20 AMModerator
Hi,
Have you tried my suggestion? Does it work?
Please feel free to give me any update.
Thank you for your cooperation.
Leo Huang
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Leo Huang
TechNet Community Support -
Monday, December 10, 2012 1:24 AMModerator
Hi,
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
Regards,
Leo Huang
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Leo Huang
TechNet Community Support- Marked As Answer by Leo HuangMicrosoft Contingent Staff, Moderator Monday, December 10, 2012 1:25 AM
.png)
