none
UAC elevation prompt for WD Drive Unlock.exe to unlock external HD

    Question

  • Windows 7 Home Premium 64-bit
    Western Digital WD My Passport 2 TB external hard drive

    Western Digital's security software allows a password to be set on the external drive, encrypting it. When the drive is connected to a PC, a virtual CD (VCD) partition runs (via autorun) an unlocker utility WD Drive Unlock.exe, that allows password entry.

    When I connect the locked drive to a Windows 7 PC (that does not have any WD software installed), the autoun popup appears and I select "Run WD Drive Unlock.exe". At that point, User Account Control (UAC) elevation prompt appears, requiring Administrator password in order to continue.
    WD Drive Unlock then lets me enter password.

    Because of UAC elevation, the unlocker can be used only by an Administrator user or by a standard user account who knows the Administrator password.


    QUESTION

    Is UAC elevation prompt truly necessary?
    Is it appearing because Western Digital hasn't coded the unlocker exe correctly, or would any such utility require UAC elevation?

    I'd like to find a way that a standard user account can run the unlocker to enter passsword and access the external drive, without having to know the Windows Admin password.

    Friday, October 19, 2012 9:46 PM

All replies

  • If you wish "standard users" to have access, disable "WD's" security, and change drive "properties, security settings", to "Everyone". Or try lowering "UAC" level to less secure, (note, lowering UAC, lowers all administrater prompts), but you will still be prompted for "WD" password.

    You are getting security prompts due to drive security level.



    I read way to fast, sorry, leave "WD" security, and change drive security in Windows for sandard user to allow full control. 
    • Edited by larsel Friday, October 19, 2012 10:26 PM
    Friday, October 19, 2012 10:17 PM
  • Thanks for the reply.

    The drive is already set (by default I suppose) for Everyone to "Full control".

    But, it is not the hard drive that is being accessed when the UAC elevation appears. It is the Virtual CD (VCD) partition.

    AutoPlay loads WD Drive Unlock.exe from the Virtual CD (VCD) partition on the drive, which is UDF. Even if you are right about the reason, I cannot change it because the Virtual CD (VCD) partition is not writable, and when I view its Properties there is no Security tab at all. I cannot write to or modify the Virtual CD, so no way to give full control to all users.



    • Edited by franklin-xy Friday, October 19, 2012 11:46 PM
    Friday, October 19, 2012 11:44 PM
  • I suppose you could try "sharing" the virtual CD like you would a physical optical drive?
    Saturday, October 20, 2012 1:02 PM
  • Thanks for the idea. But, the result is the same.

    I shared to Everyone with Full Control. But, when connecting the drive when logged in as a standard user account, the same process occurs: UAC elevation requires the Windows Administrator password to proceed.

    Saturday, October 20, 2012 2:59 PM
  • Hi,

    This is the design of User Account Control (UAC).

    When a user who has administrative or other powerful privileges or group memberships logs on, Windows creates two access tokens that represent the user account. One token, the "unfiltered" token, has all the user’s group memberships and privileges, and the other token, the “filtered” token, represents the user who has the equivalent of standard user rights. By default, this filtered token is used to run the user’s programs.

    When UAC is enabled, to enhance the security of the system, normal tasks such as read email, surf internet, access/create a file, system uses a standard user access token. If the standard users are not granted the right to run the programs, an Elevation Windows will appear. This is a by design behavior. To change this behavior, you may disable UAC feature.

    More information: User Account Control Step-by-Step Guide


    Tracy Cai

    TechNet Community Support

    Monday, October 22, 2012 5:49 AM
    Moderator
  • Thanks for the reply. I'm aware of how a administrator account runs as a standard user until elevated.

    So are you saying that there's no way that WD could code their unlocker so that it would not require UAC elevation?

    What if the unlocker created a Scheduled Task? I have seen that technique used to allow protected access without UAC elevation prompt.

    For example, CCleaner normally requires UAC elevation and Admin password to run. But, within CCleaner we may select the option "Skip User Account Control warning" which will then allow it to run without UAC elevation and Admin password. It does this by adding a task to Windows Task Scheduler to "Run with highest privileges".

    The Windows Task Scheduler technique is discussed here: http://www.raymond.cc/blog/task-scheduler-bypass-uac-prompt/

    I tried that technique with the WD unlocker. I was able to create a shortcut to a Scheduled Task that launches the WD unlocker without UAC elevation prompt, so no UAC password required (after the initial one to create the task). Unfortunately, as the Virtual CD partition is locked, I cannot set the autorun file to run this new shortcut. But, surely Western Digital developers could do something similar?


    • Edited by franklin-xy Monday, October 22, 2012 2:11 PM
    Monday, October 22, 2012 12:59 PM
  • Hi franklin-xy,

    Thank you for your reply. Yes, we can launch a program with highest privileges by creating a task in Task Scheduler. This is method to elevate User Account Control without prompting. It will definitely help others who facing similar problems. Thanks for sharing!


    Tracy Cai

    TechNet Community Support

    Tuesday, October 23, 2012 3:08 AM
    Moderator
  • That technique could work, except that I don't have write access to the Virtual CD partition, so I cannot replace the original Unlock launcher with one that is already elevated.

    But, it does show that Western Digital could do something about this issue, as obviously they could code their app such that its first run creates the elevated Scheduled Task, just as CCleaner does.

    Tuesday, October 23, 2012 12:22 PM
  • WD created the software to write to the HKLM section of the registry. A standard user only has read permissions to HKLM. It is clearly a coding error by WD.  on Windows 10 with Baracuda Security installed and running, it may also be necessary to copy the unlock program and related files to the local hard drive and run it from there.  WD really needs to fix this poor programming.  Take a look at IronKey, it has better encryption security and does not require writing to the HKLM part of the registry. - Patrick

    Sunday, March 4, 2018 5:13 PM