How to Turn ON UAC Virtualization on Program with Manifest

    Question

  • Hi there,

    I've read a lot about how to turn off UAC Virtualization. In my case the software developer thinks he's doing everything right: he deployed a manifest file with the installation to make it UAC compatible. No, it's NOT! He is writing directly to the %Program files%\blah\configblah.ini file and gives write access to all users on the machine. Usually this ini file is intended to save USER settings, and we have a multi-user environment. Our First Level Support will freak out if different users change the settings for this software daily on ONE computer. So I tried an ini file mapping to the user registry, without success. A manual solution is to start the program and change UAC Virtualization in Task Manager. That works! I know it's dirty, but to me it seems the best way.

    Now my Question:

    Is there a way to set UAC Virtualization to Enabled with a script, like Task Manager does? (WMI maybe? Or build a wrapper?)

    Greets Penti

    Tuesday, April 24, 2012 10:07 AM

Answers

  • Just for the other guys out there, my solution for this problem was the following.

    I wrote a VBS script which monitors for an interactive user change or checks whether a user is currently logged on. After that it creates symbolic links for the user with mklink.

    Creating links needs elevated rights. My solution for this is installing a service which runs under the system account. You can't do this directly with cscript. An old program named srvany.exe from the 2003 RK will do this (http://www.microsoft.com/download/en/details.aspx?id=17657), but only for 32-bit.

    Put this or similar into Registry:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatchDog4CamStudio]
    "DelayedAutostart"=dword:00000000
    "Type"=dword:00000010
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
      5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,72,00,76,\
      00,61,00,6e,00,79,00,2e,00,65,00,78,00,65,00,00,00
    "DisplayName"="MonitorActiveUser"
    "ObjectName"="LocalSystem"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatchDog4CamStudio\Parameters]
    "Application"="cscript C:\\Windows\\MonitorActiveUser.vbs"

    After installation, run this VBS manually with cscript as the administrative install user, because the service will only run after a reboot.

    You can also wrap a "run as" command into an AutoIt exe file and put it into C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    Now here is the vbs Script:

    Dim query
    Dim sink
    strComputer = "."
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    'If a user is currently logged on, check immediately
    Set colResultSet = objWMI.ExecQuery("Select UserName from Win32_ComputerSystem")
    'we expect just one result
    For Each colResult In colResultSet
        'UserName is Null when nobody is logged on (e.g. service start at boot);
        'Split() on Null would abort the script
        If Not IsNull(colResult.UserName) Then
            WScript.Echo "User logged: " & colResult.UserName
            handleInifiles4Camstudio Split(colResult.UserName,"\")(1)
        End If
    Next

    'Setting sink for users who log on later
    Set sink = WScript.CreateObject("wbemscripting.swbemsink","sink_")
    query = "SELECT * FROM __InstanceModificationEvent Within 5 WHERE TargetInstance.__Class = 'Win32_ComputerSystem'"
    objWMI.ExecNotificationQueryAsync sink, query

    'Endless loop for endless check
    Do
        WScript.Sleep 1000
    Loop
    Set sink = Nothing

    Sub sink_OnObjectReady(statusEvent, octx)
        Set objPrevInst = statusEvent.PreviousInstance
        Set objTargetInst = statusEvent.TargetInstance

        'Just check for changes on UserName
        If objTargetInst.UserName = objPrevInst.UserName Then
            'no changes, do nothing
        Else
            'Previous user
            If IsNull(objPrevInst.UserName) Then
                WScript.Echo "Previous no user"
            Else
                WScript.Echo "Previous User: " & objPrevInst.UserName
            End If

            'Current user
            If IsNull(objTargetInst.UserName) Then
                WScript.Echo "No User here"
            Else
                'Starting here with handling my problems
                WScript.Echo "Current User: " & objTargetInst.UserName
                handleInifiles4Camstudio Split(objTargetInst.UserName,"\")(1)
            End If
        End If
    End Sub

    Function createsymboliclink(strSourceFolder, strTargetFolder)
        Dim objShell
        Set objShell = CreateObject("Wscript.Shell")
        'Chr(34) -> quotes because of paths with spaces
        Set objExec = objShell.Exec("cmd.exe /c mklink " & Chr(34) & strSourceFolder & Chr(34) & " " & Chr(34) & strTargetFolder & Chr(34) )
        Do Until objExec.Status
            WScript.Sleep 250
        Loop
        'objShell.Exec will hide the DOS box window ...for debugging, echo the messages
        WScript.Echo objExec.StdOut.ReadAll()
    End Function

    Function handleInifiles4Camstudio(strUser)
        Set fso = CreateObject("Scripting.FileSystemObject")
        arrIniFiles = Array("CamLayout.ini", "CamShapes.ini", "CamStudio.ini" )
        For Each strIniFile In arrIniFiles
            'Check if the file or symbolic link exists and delete it
            If (fso.FileExists("C:\Program Files\CamStudio 2.6b\" & strIniFile)) Then
                WScript.Echo strIniFile & " exists! I will Delete it."
                fso.DeleteFile("C:\Program Files\CamStudio 2.6b\" & strIniFile)
            End If
            'Create a symbolic link for each ini file
            createsymboliclink "%programfiles%\CamStudio 2.6b\" & strIniFile ,"C:\Users\" & strUser & "\AppData\Roaming\CamStudioSymLinks\" & strIniFile
        Next
    End Function

    Edit:

    It's just a weird workaround, unfortunately not really an answer to this problem.

    Thursday, April 26, 2012 6:43 PM
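
The registry export in the answer above stores the service binary as a hex(2) value, so it is not obvious at a glance what runs as LocalSystem. As an added example (not part of the original post; the function names are assumptions), this Python code decodes the export and lists LocalSystem srvany services that launch a script, which is the file whose write permissions decide who can run code as SYSTEM.

```python
import re

# Registry export copied from the post above (only the values the check needs).
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatchDog4CamStudio]
"Start"=dword:00000002
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,72,00,76,\
  00,61,00,6e,00,79,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WatchDog4CamStudio\Parameters]
"Application"="cscript C:\\Windows\\MonitorActiveUser.vbs"
'''

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)      # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("hex(2):"):           # REG_EXPAND_SZ stored as UTF-16LE
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            current[name] = data.decode("utf-16-le").rstrip("\x00")
        elif raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:                                   # REG_SZ: undo \\ and \" escapes
            current[name] = re.sub(r"\\(.)", r"\1", raw.strip('"'))
    return keys

def system_script_services(keys):
    """List (service, image, script) for LocalSystem srvany services running a script."""
    findings = []
    for path, vals in keys.items():
        if vals.get("ObjectName", "").lower() != "localsystem":
            continue
        app = keys.get(path + "\\Parameters", {}).get("Application", "")
        script = re.search(r"\S+\.(?:vbs|js|cmd|bat|ps1)\b", app, re.I)
        if "srvany.exe" in vals.get("ImagePath", "").lower() and script:
            findings.append((path.rsplit("\\", 1)[-1], vals["ImagePath"], script.group(0)))
    return findings
```
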

All replies

  • Hi,

    For your question, please refer to the similar post below.

    http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/e67b6e39-52bb-45a7-9941-8b315611c68f/


    Juke Chou

    TechNet Community Support

    Wednesday, April 25, 2012 6:53 AM
    Moderator
  • Thanks for answering,

    I know this thread. It describes how file/registry virtualization works and what you have to do if you want to turn it off.

    My problem is a developer who didn't understand what Microsoft's intention with virtualization was. I know this scenario isn't a common problem with UAC.

    I have to correct the developer's mistake in an uncommon way, so my question is still:

    How can I turn ON or TOGGLE the virtualization with a script, like Task Manager does?

    None of the interesting articles in the above thread helped me.

    At the moment I am trying to find a workaround with symbolic links (mklink), but unfortunately mklink can't work with environment variables like %userprofile%. It builds the path for just ONE user (C:\Users\testuser\examplefolder\badini.ini) instead of all users on the machine (%userprofile%\examplefolder\badini.ini). Maybe a symbolically linked folder does the trick, with the ini files linked to it. Sounds weird? Yes it is!

    greets penti


    • Edited by penticrack Wednesday, April 25, 2012 8:01 AM bad grammar
    Wednesday, April 25, 2012 8:00 AM
  • Hi,

    Maybe it cannot be enabled via script, but you may try to make a registry modification as a workaround.


    Juke Chou

    TechNet Community Support

    Wednesday, April 25, 2012 8:46 AM
    Moderator
  • Hi!

    Huh...

    What exactly do you mean by registry modification?

    Are there other interesting values like ExcludedExtensionsAdd in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\luafv\Parameters\ ?

    If so, I can't find a documented hint.



    • Edited by penticrack Wednesday, April 25, 2012 10:13 AM
    Wednesday, April 25, 2012 10:12 AM
  • Hi,

    For a service, I think your purpose cannot be achieved. UAC virtualization can only be enabled via Task Manager.


    Juke Chou

    TechNet Community Support

    Thursday, April 26, 2012 2:43 AM
    Moderator