I'm running a program which scan a tag and output the value to the keyboard.
This works perfectly in windows 10, but in windows 11 it work in some programs but not in others.
If I try to get the input to notepad, it works. If I try to get it to notepad++, it does not.
It seems to me to be a windows setting, but I get no error messages and there's nothing in the log files.
If anyone know of any solutions or have any ideas on what I can try, I'd be overjoyed.
It's a windows feature UIPI (User Interface Privilege Isolation). I you do not run the writing program as admin, it cannot output to programs which run as admin.
Related
I have written a small program in c# that helps with switching between licenses for my company. It's a tray icon with a menu with the different choices.
It changes an environment variable and needs to have elevated rights in its manifest.
This means that the UAC warning shows up every time the program starts, which is not ideal because it would be really nice to have the program on autostart when Windows starts, without the warning showing up all the time.
Are there a good way to do this?
Is it possible to:
Run the program without elevated privileges and only get the UAC
warning when I call the function to change the variables.
Change the
environment variables without admin rights.
Add the program to a "white list" programmatically (although more realistic, add it manually)
I know the UAC is there to protect from malicious software, but it would be really nice to solve this in a way that enables me to start the program at Windows start.
I haven't been able to fine any silver bullet on this problem.
Any advise?
The normal way around this is you have a windows service that runs with system privileges that will set the environment variables for you.
You will need to have your installer install the service and set it to auto start. Then your tray application will need to communicate with the service with some kind of Inter-Process Communication (like WCF), the tray program can then send the requests to change the variable and the service can execute those changes.
Another way to handle this is start your program un-elevated then when you need to do something that requires UAC privileges you launch a new copy of your program as an administrator and pass in command line arguments that tell it to do the work you need done then exit. You also could have your program check to see if it is an admin, and if it already is elevated it could skip the step of starting the new copy.
What you need to do is move the license information to a location that all users can write to:
user's own environment variable
%CSIDL_COMMON_APPDATA% (e.g. C:\ProgramData, which all users can write to)
HKEY_CURRENT_USER
The ideal solution involves writing to a common machine-wide location:
%CSIDL_COMMON_APPDATA% (e.g. C:\ProgramData)
HKEY_LOCAL_MACHINE/Software/Contoso/License
C:\Program Files\Contoso\License\license.txt
Legacy software can't be changed
But assuming there are many existing unchangeable applications that cannot be altered to look anywhere else but an environment variable for license information you can (after you smack that guy who designed that):
write the license information to the user's own environment variable
Your switching tool will call:
SetEnvironmentVariable("ContosoLicenseInfo", "V2h5IGFyZSB5b3UgZGVjb2RpbmcgdGhpbmdzIHRoYXQgZG9uJ3QgYmVsb25nIHRvIHlvdT8=");
What would you have done under Windows XP
All this hand-wringing about UAC. You have to ask yourself:
What would I have done under Windows XP?
Without UAC, and the user running as a standard user, what will your license switching tool have done?
would have it crashed horribly on startup?
would it have crashed as soon as the user tried to use it?
would it have failed in a polite way?
would it show a message on startup saying: "Sorry, no."?
What would you have done under Windows 7?
Even better, you have to ask what you would have done for a user running under Windows 7? A standard user logs in, and you have a program in their startup group that claims to require administrative privileges.
The user needs to go get an administrator during login to run your tool? That's not going to fly.
If you're dead set against using a per-user location.
If you're dead set against using a common location that all users can write to
Then change your tool to run without needing user privileges.
Only when the user goes to do something do you need admin privileges.
Check if the user is an admin:
Boolean IsUserAnAdmin()
{
PSID administratorsGroup;
administratorsGroup = AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0);
Boolean result = CheckTokenMembership(0, administratorsGroup);
FreeSid(administratorsGroup);
}
If they are an admin, you can perform the action as in.
If the user is not an admin, then you put the UAC shield on the Apply button.
You then re-launch your tool as an admin:
ShellExecute("runas", "C:\Program Files\Contoso\LicenseSwitcher.exe", ...); //the "runas" verb triggers elevation
But what would you do under Windows 7
None of the UAC stuff works if UAC is disabled. In that case: you are a standard user, and that's it.
In that case, it really is best to convert to:
machine wide location for the default license
per-user location if you want to choose your own
UAC is there to protect the Windows User by alerting them (and requiring an explicit action) that a particular application is requesting elevated permissions. If it was possible to bypass it from with the application itself them it would leave it a little pointless :)
I would assume that you are looking to change environment variables globally because I believe that you can change them for the current process without being elevated.
We have an application that needs get from an Administrator account to another limited account and the other way around. Currently we are setting the auto logon in the registry, then reboot the machine. This takes up to 3 reboots as the machines are EWF enabled. Our customer support just cannot sit around and wait for the remote machines to reboot while there's an angry customer on the phone.
We have a windows service and a ui running on the machines (written in C#). Most of them are windows 7, but some are windows xp and windows 8.
I was wondering if anybody here knows a way to maybe trick windows into thinking it was just rebooted and auto log into an account. Anybody know of anything? I do know there are tricky ways to log into an account automatically from the login screen, but as far as I understand that's going to require writing a module to replace GINA in windows XP, and in windows vista and up, since GINA was replaced with a "Content Provider", writing a Content Provider or something, both of which seem overkill, but a possible future solution. Any ideas?
NOTE: We are not switching between accounts so that the application can run a process under that account, we are switching between accounts so real people have either administrative access or limited access to the computer. Hope that makes it a little more clear
If you have an application that needs to run between other users and an administrator, you should be creating a launcher application. The launcher application should be using Process.Start() to start your application. You can supply ProcessStartInfo arguments to Process.Start() so that you can run the application using different credentials.
Here'some help. For Xp, there's a simple registry key that does it (search google for AutoLogon), for Win7, it's a bit more complex. See this topic:
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-to-turn-on-automatic-logon-in-windows-7/99d4fe75-3f22-499b-85fc-c7a2c4f728af
I think we had something like this running somewhere, but it wasn't my task and the collegue is on vacation this week. Maybe the above link helps, i'll ask him otherwise.
I wrote a C# application that is running well on my xp development machine.
When my client is running it on different PC, it seems to freeze on both vista and 7 machines.
I would like to know if there is any issue on running dotnet applications on vista/7.
I compiled the application for both framework 2.0 and 3.5 but it didn't help.
The log file neither doesn't help.
Is there any way to know where is the application freezing (of course, the client doesn't have VS for attaching to the application) ?
Thank you in advance for any help.
Pierre.
Generally, .NET application should run the same on any Windows version with .NET framework installed. Most common problem that occur are related to the new User Account Control policy in Vista and 7, which prevents applications from accessing areas requiring elevated privileges (which would otherwise run fine under an Administrator account in XP).
For example, if your application is trying to write configuration settings to the Program Files folder (which is a really bad idea, btw), or is using some hardcoded disk or registry paths instead of environment variables provided in .NET classes, it may fail under Vista.
To quickly check if this is an UAC privilege problem, try to run the application as an administrator (have your client right click the .exe file and select Run as Administrator). If it works, then this suggests that you need to examine your code and update it to make sure you are only accessing allowed areas.
Check this link for more information: Making apps UAC aware.
As redsquare suggested, the best way to test your application in a variety of Windows systems is to run them in several virtual machines (MS Virtual PC or VMWare Player, both of them free for download).
You do not give much information in order for us to help a great deal.
I would start by trying to recreate the issue locally on a virtual machine (vista one available here) and then profiling the app with something like memprofiler.
Ask your client to capture a process dump using Windows Task Manager,
In Task Manager, find the process that hangs.
Right click and capture a memory dump.
Then you can do some analysis on the dump to see why it hangs.
If you are not familiar with dump analysis, find someone who can help or open a support case via http://support.microsoft.com
csharp applications are supposed to run on vista/win7. This is their home:)
Your problem is not the OS. its your application.
Most probably the application is looking for a file, a folder, something on the client side that is not there and its freezing. this is my experience.
Check for project independencies and make sure you have shipped to your clients everything your project needs.
and last, distribute to one client the debug version with debug messages enable and get the feedback from their system.
I'd like to know how to restart a computer in such a way that once restarted it will log in using given credentials via a command-line command or perhaps using some other method perhaps in C# code.
To give context, I'm going to need to run this remotely on Windows XP, Vista, And Windows 7 and I am attempting to form a large list of commands to be given to psexec in the command line in a consecutive order. At given points, it may be necessary to restart and log in and resume executing the commands, and I am wondering how I can accomplish this. I know PsShutdown exists and it handles restarting, but how about logging in? How will I know when the machine haqs fully restarted so I can give the login command? C# code will work as well but it's not preferrable.
So main issues:
how to restart a machine (I already pretty much know)
how to know when a machine has restarted
how to log in as soon as it is capable
how to know when it is fully logged in and ready to execute commands
If you have access to the registry on the target PCs, you can set the DefaultPassword, DefaultUserName and (optionally) DefaultDomain.
http://support.microsoft.com/kb/315231
This definitely works with XP. I think it is the same withe Vista/Windows 7.
Once this is set, you can reboot the PC using PsShutdown.
Background: I am by no means a windows security / user permissions expert. I have an application (written in C#), that has to be able to write / delete files & folders in its root directory, write / delete files elsewhere on the disk, write/modify values in System Registry (Local Machine) and start & stop other applications and services. I figure that I need administrator privileges for at least some of those actions.
I tried running this and on computers with UAC turned off it works great without any additional settings. However on computers with UAC turned on (any level above 'never notify' in Windows 7) it will crash. I need it to work on all computers.
Up to now I would just manually check the "run this program as administrator" checkbox and everything would be fine. However now we have decided that we will allow customers to install this software on their own, and it needs to run "out of the box".
I have a deployment project in Visual Studio 2008 that installs everything and writes the necessary start up data in registry. What I need to do now is to set the "Run this program as Administrator" flag. I am guessing this isn't quite as simple as I'd like it to be.
So What is the proper way of doing this? This program is started on startup, and it would be irritating for our customers if UAC would pop up (and possibly dim the screen) every time they restart their computer.
Thank you for your help.
EDIT: Thank you for your replies. I realise that working around UAC would be frowned upon, and I can see that Microsoft does not support "white lists" so it would ask for permission only once. That's fine I can respect that, however I do have some follow up questions:
Can you provide me with a link that will show me how to properly elevate the program to correct elevated state? Is there any literature on what are the options, etc... Basicly I'd love a UAC 101 guide.
Is there a way to elevate the security status when I need the extra privileges (and only then prompt with UAC). Basicly this applications runs in the background, doing mostly nothing for most of the time. Every now and again it will check some files (at this point I will require to be able to write to disk and read the registry (read only is fine at this point), however since it's a temporary folder it wouldn't matter where I'd put it. If there is a location where the application can write without any privileges that would be perfect.)
However at some point I will need to preform all the rest of the tasks (user needs to confirm this action anyway) so if UAC would prompt at this point that would be no problem. Is there a way to elevate it just at this point, and then return it to default permissions?
Will such a solution work with older versions of Windows, including Vista and Xp (and perhaps older?) What would it take to make it work?
The proper way is to elevate when the program starts, with the UAC prompt (which you can set via the program's manifest) - attempting to be clever and bypass it is frowned upon.
Think about it - if you could install something which would elevate automatically without the UAC prompt ... what would be the point of UAC?
To add a UAC manifest to a program you simply add the manifest in a project and edit it. A sample manifest for UAC is here. If you want to elevate at the last possible moment then you need a spawn separate process - you cannot elevate an existing process. So separate that bit out and then start it using
Process.StartInfo.UseShellExecute = true;
Process.StartInfo.Verb = "runas";
You need to rethink how your application works. You're quite correct that it would be annoying to display an elevation prompt on login. So don't do it. On the other hand, you may well have tasks which you need to perform using administrative access.
So you have two choices:
Change your tasks so that they no longer require administrative elevation (e.g., write your files elsewhere).
Break your application into a Windows service component and a user interface component. The service component can run under an elevated account (hopefully the least-elevated account necessary to perform the tasks you need to do). The user interface component can talk to the service (via named pipes or similar) when necessary.
You can split your program into two components:
a user application running without elevation
a Windows service that is responsible for the tasks that require elevation
Since you're using .NET, communication between the components is probably easiest done using WCF.
And as a side note: Programmatically modifying files under C:\Program Files is not considered good practice and might lead to a number of other problems. Windows has dedicated places for storing configuration settings and other program data.