开发者

How to make your MFC application bypass UAC in windows7 and Vista

I have an MFC application developed in VS Studio 2008 which reads and writes to a JSON file in its installation folder. It works perfectly in vista(administrator) BUT ONLY when UAC is turned off. When UAC is ON, the application isn't able to write to its JSON file. I figured I had to create a manifest file but I haven't really tried creating one.

Questions:

  1. reference: http://msdn.开发者_C百科microsoft.com/en-us/library/bb384691.aspx. It says here that you can simply set the linker options in the Visual Studio development environment. What values do I need to select for:

    a) Enable User Account Control (UAC)? [I tried NO].

    b) UAC Execution Level? [I tried highestAvailable].

    c) and UAC Bypass UI Protection? [I tried Yes].

  2. Do I need to add the manifest file in the software package (exe, Dll's, etc.)?

Thanks...


The whole concept of UAC is that you can not bypass it. If you could, it would be useless.

The only solution (which is what you should do anyway, not just because of UAC) is to never ever write files in the install folder but in %APPDATA% where it belongs.


You should copy this file to AppData. Modifying a file in Program Files will always trigger a UAC prompt. This operation requires admin privileges and manifest won't help you with that.


Adding manifest file you can only declare that the application needs UAC permisison. This way the user will be prompted for UAC on application start.

If this is what you want here you can find description how to do it.

Other aprroach is to install a service which runs with LocalSystem account and is allowed to do (almost) anything without asking for UAC permission. For this to work you have to implement inter process communication between your UI applicaiton and the service. Kernel objects shared between processes have to be created from the service with appropriate security attributes in order to be accessed form not elevated programs. The installation of the service will prompt the user for UAC ( as most other installations )


You mentioned you tried manifesting the executable as

  • UAC Execution Level: highestAvailable

It should be set to requireAdministrator.

The difference is that highestAvailable will only elevate if the user really is an administrator who's been (UAC) stripped of their admin privelages. If they really are a standard user then it won't elevate.

On the other hand requireAdministrator will require that they elevate. If the user is not an administrator, they will be presented with a prompt to enter a Username and Password of someone who is an administrator; they'll have to call someone to come down and type in their username and password.

If the user already was an administrator, then requireAdministrator will just ask them to Continue.


Set the EnableLUA DWORD value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to 0 and reboot.

This will disable UAC without a problem, I would do it to all your users, with or without permission is up to you.

Works in Windows Vista and Windows 7 as well.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜