Tutorial :How to make your MFC application bypass UAC in windows7 and Vista



Question:

I have an MFC application developed in VS Studio 2008 which reads and writes to a JSON file in its installation folder. It works perfectly in vista(administrator) BUT ONLY when UAC is turned off. When UAC is ON, the application isn't able to write to its JSON file. I figured I had to create a manifest file but I haven't really tried creating one.

Questions:

  1. reference: http://msdn.microsoft.com/en-us/library/bb384691.aspx. It says here that you can simply set the linker options in the Visual Studio development environment. What values do I need to select for:
    a) Enable User Account Control (UAC)? [I tried NO].

    b) UAC Execution Level? [I tried highestAvailable].

    c) and UAC Bypass UI Protection? [I tried Yes].

  2. Do I need to add the manifest file in the software package (exe, Dll's, etc.)?

Thanks...


Solution:1

The whole concept of UAC is that you can not bypass it. If you could, it would be useless.

The only solution (which is what you should do anyway, not just because of UAC) is to never ever write files in the install folder but in %APPDATA% where it belongs.


Solution:2

You should copy this file to AppData. Modifying a file in Program Files will always trigger a UAC prompt. This operation requires admin privileges and manifest won't help you with that.


Solution:3

Adding manifest file you can only declare that the application needs UAC permisison. This way the user will be prompted for UAC on application start.

If this is what you want here you can find description how to do it.

Other aprroach is to install a service which runs with LocalSystem account and is allowed to do (almost) anything without asking for UAC permission. For this to work you have to implement inter process communication between your UI applicaiton and the service. Kernel objects shared between processes have to be created from the service with appropriate security attributes in order to be accessed form not elevated programs. The installation of the service will prompt the user for UAC ( as most other installations )


Solution:4

Set the EnableLUA DWORD value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to 0 and reboot.

this will disable UAC without a problem, i would do it to all your users, with or without permission is up to you, because the vista UAC is so horrid that i do believe the less people that have it on the better (in vista only) it is now better in win7.

have fun with my registry trick :)

works in win7 as well, let me know how you got along with it.

it turns out stackoverflow is censoring comments that show how ti disable UAC as my post/thread with above answer from a diligent answerer was removed.


Solution:5

You mentioned you tried manifesting the executable as

  • UAC Execution Level: highestAvailable

It should be set to requireAdministrator.

The difference is that highestAvailable will only elevate if the user really is an administrator who's been (UAC) stripped of their admin privelages. If they really are a standard user then it won't elevate.

On the other hand requireAdministrator will require that they elevate. If the user is not an administrator, they will be presented with a prompt to enter a Username and Password of someone who is an administrator; they'll have to call someone to come down and type in their username and password.

If the user already was an administrator, then requireAdministrator will just ask them to Continue.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »