none
Temporarily disabling UAC for an application? RRS feed

  • Question

  • I have a specific question regarding what I feel must be a common problem with the worst "feature" ever:

    My situation: I have 5-10 (standard)users that use a firmware updater for a probe we service, within XP the "updater.exe" runs fine without a snag but in Win7, the UAC asks for admin permission from the user every time.. The vendor of this probe is unresponsive to the issue so far so it looks like it’s on me to find a workaround. Other constraints: Our organization's GPO's prevent the UAC from being turned off all together and user credentials from being stored (eliminating the option of shortcutting a schtask).

    Question: Assuming that these constraints are unwavering, is there a script cmd to temporarily disable UAC ala SU in unix/linux?

    Things I've tried: Giving full ownership and rights to the user for this program. Running the program in xp-mode and selecting "run this program as an administrator” under the "compatibility for all users" tab. Running the .exe from an elevated command prompt.. Making an scheduled task and shortcutting it..

    Things I can’t or don’t want to do: Giving these users blanket privileged rights just to run this stupid.exe, this will lead to other problems as these users have not been known to be brightest group. I don’t want to wait on the Vendor to step up to the problem. We only have till Dec 21<sup>st</sup> 2012 anyway right? I feel like this is just the tip of the iceberg for UAC problems and if I cant get straight solutions, it’ll put a big damper on further deployment of Win7.

    Thanks Steve

     

    Wednesday, January 26, 2011 4:13 PM

Answers

  • If a program could temporarily disable UAC, it would defeat the purpose. Surely, any virus or nasty program would take advantage of this loophole.

    Could the updater run from a Startup script, which runs with System privileges on the local computer? Or perhaps it can be deployed in a GPO.

    Richard Mueller


    MVP ADSI
    • Marked as answer by IamMred Tuesday, February 1, 2011 7:54 PM
    Wednesday, January 26, 2011 4:30 PM
    Moderator
  • Hi Szitterk,

    I think the following blog entry may help you understand the design considerations behind UAC:

    http://blogs.msdn.com/b/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx

    It is my opinion (which some might find controversial) that UAC doesn't cause problems; it merely reveals them.

    HTH,

    Bill

    • Marked as answer by IamMred Tuesday, February 1, 2011 7:54 PM
    Wednesday, January 26, 2011 6:17 PM
    Moderator

All replies

  • If a program could temporarily disable UAC, it would defeat the purpose. Surely, any virus or nasty program would take advantage of this loophole.

    Could the updater run from a Startup script, which runs with System privileges on the local computer? Or perhaps it can be deployed in a GPO.

    Richard Mueller


    MVP ADSI
    • Marked as answer by IamMred Tuesday, February 1, 2011 7:54 PM
    Wednesday, January 26, 2011 4:30 PM
    Moderator
  • Hi Szitterk,

    I think the following blog entry may help you understand the design considerations behind UAC:

    http://blogs.msdn.com/b/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx

    It is my opinion (which some might find controversial) that UAC doesn't cause problems; it merely reveals them.

    HTH,

    Bill

    • Marked as answer by IamMred Tuesday, February 1, 2011 7:54 PM
    Wednesday, January 26, 2011 6:17 PM
    Moderator