My application needs to run with administrator privileges because of some specific phone components.
I've build an executable that does nothing else than calling the real application with the specific local administrator account (username and password).
I use the ProcessStartInfo and Process class for this purpose.
The problem: Some word interop is being done and the required word templates are stored on a unc share.
Local admin -> no domain/network context -> no access to shares.
Are there any other solutions than these two:
put a domain account into the administrator group on the affected machines and call the app. with this user
put the word templates onto the local drive
Maybe there are some uac elevation experts out there?
I think the best way would be to temporarily switch back to the "real" domain user context, but I don't know how this should work without providing his credentials...
Thanks for reading - and maybe feedback!
Having that small application, which knows the administrator password is a security nightmare. Have you tried opening the .exe for your small app in notepad? I'm fairly sure that the password will be there - in plaintext for anyone to read.
It is far better to solve this by giving the user running the app the required privileges. Full administrator access is very seldom required. Have you tried looking into exactly what the phone app needs? Sysinternal's Process Monitor is often very good to use.
Related
I've been wrestling with this issue for a few days and can't find any posts that solve it for me. Maybe what I want isn't possible.
We have developed a WinForms application for internal use at our company.
Most employees do not have admin access in windows.
Our application requires admin access to the machine and needs to automatically start when the user logs on.
Here's what I've tried:
1) Putting a Shortcut in the Startup folder
I can get the app to automatically launch (using a relauncher), but it still requires an admin to be at the computer on every restart (to enter the password).
2) Registry Key
I created a Software\Microsoft\Windows\CurrentVersion\Run registry key to automatically start the application. Whether I run the relauncher or the app itself, UAC demands a password on every restart (or relogin).
3) Scheduled Task
I created a scheduled task to automatically start the app on logon using admin permissions on the machine (under use the following account). I also checked the 'Run with highest privileges' box. UAC still pops up on every restart.
4) Windows Service
I tried to run the app as a windows service, but it has a user interface (which is disabled by windows services).
5) Disable UAC for Specific Program
It looks like you can disable UAC for a specific program but that involves downloading the Application Compatibility Toolkit, creating some kind of database, etc. I'd very much prefer that our IT staff wouldn't have to do that at every machine. At this point, it's probably my only option.
It seems like an admin should be able to install an application so that it runs automatically without a prompt. Am I missing a way to do this?
You should make split your program into a non-admin UI, which runs on user startup, and an admin service, which performs the administrative tasks.
To run admin-requiring code from the UI, use WCF to ask the service to do it.
Beware that hostile parties may impersonate the UI and ask the service to do malicious things; you need to carefully figure out what the service should be able to do in response to IPC calls.
Your problem is not a UAC problem, it is a security problem.
And the answer depends on what your application that "requires admin rights" needs to do.
If your application needs to be able to start, and stop services, then the User needs the ability to start and stop services. In which case you need to give the users that privilege.
If the user's need the ability to alter or delete files, then they need that privilege too. In that case it is easier to grant Full Control permissions to Everyone.
If your application needs the ability to modify registry keys in the HKLM tree then you can, again, grant Full Control to Everyone in the registry.
If you need your users to have the ability to modify items, then they need permissions to modify those locations. Granting them those NTFS permissions is not a bad thing; it is exactly what those permissions exist for - to control access.
But why
But then we ask why? What is it you're doing that users need all the rights of an administrator, and all capabilities of an administrator, all the power of an administrator, but you don't want to make them a member of the Administrator's group?
The answer is almost invariably that your internal use application doesn't need to run as an administrator.
What Would XP Do?
The question becomes:
What would you do on Windows XP?
A standard user on Windows XP didn't even have the UAC convenience feature. If a user wanted to run an application an administrator: they had to logout and login as an administrator. How did, or how would, the application work on a system with UAC disabled?
Presumably very little of your application needs to run as admin - the rest would be better running as the unprivileged user. This is very common (think self-updating browsers, for example).
The proper way to do this is to install a service to do the privileged bit, and have the UI communicate with the service.
Our application requires admin access to the machine ...
Why?
You cannot bypass the UAC prompt, and this is by design.
See FAQ: Why can’t I bypass the UAC prompt? for a good discussion of why. Excerpt:
If it were possible to mark an application to run with silently-elevated privileges, what would become of all those apps out there with LUA bugs? Answer: they'd all be marked to silently elevate. How would future software for Windows be written? Answer: To silently elevate. Nobody would actually fix their apps, and end-user applications will continue to require and run with full administrative permissions unnecessarily.
I have a simple C# app (it is WPF), and I am polling a network location for any new *.pdf. The app runs elevated.
The network location has been mapped to the local PC as P:\ so it is quite simple to just monitor P:\ by just doing a Directory.GetFiles("p:\", "*.pdf"). This technique works great.
However, the other day I ran into an exception: "Could not find part of the path 'P:\'" (DirectoryNotFoundException).
I noticed the drive was mapped to the PC, but when the IT guy clicked on the drive in windows explorer, it required a login and password. We were then able to view the P:\ in explorer, but my app still could not access the p:.
I had the IT guy remove the login/password and then it worked (but it could have been due to a restart too, I am not sure).
What is confusing me is that I am not aware of any moment where they 'enabled' password protection for the mapped location, so I am not sure when, why, or how it stopped working. I didn't even know it was password protected.
That leads to my very simple yes/no question: If a mapped drive is password protected in windows explorer, and a user types in the login/password so that they can get to it in explorer, is that enough such that my app does not need to login with user/pass information?
If the answer is no, then I will google the proper technique for accessing p:\ using a user/pass. But any explanation about my problem is surely appreciated.
Thanks
The reason it ask for password as the current used logon into windows do not have access to that network path, so did the program run with your logon.
What you need to do is get IT guys give the account which run your App the permission to access directly so that the password protection will be transparent for you
I didnt get correct answer and got lots of answers like "we can not do like this" for my previous questions.
Thats why I decided to explain in detail about my problem please help me if you can or please ask your friend who can answer this.
Now my problem:
Step 1:
I created a C# program which edits various windows registries.
For editing windows registries we must have an Admin privilege.
My program is running fine in Administrator mode without any problem.
Step 2:
I want my program to be run into limited user mode also. If few people didnt get what I am saying here is that I want to run my above C# code into Guest mode.
In guest mode there is a restriction that We can not change Windows Registries.
So as I am executing my Application, I am getting one notification which is asking for Admin Password.
After inserting Admin Password my application is working fine.
Step 3:
I want that my application must not ask Admin password every time in Guest/limited account.
I also want that in Guest mode my Application should work.
I also want that in Guest mode my Application should be able to access and change Windows Registries.
Step 4:
Lot of people replied me that we can not do this in Guest mode since Windows is restricting users to edit windows registries for security purpose. So please if you also feel like this then please do not reply to this question.
I am answering to those people that, all good antivirus which run into Guest mode has access to Windows Registries.
Step 5:
Since I know Admin Password so is there any way of saving Admin password in our C# code and bypass popup message of asking Admin password again and again.
Is there any way that we will instruct Windows that our application will be running in Admin mode and do not ask for Admin password again and again
How Antivirus application running in Guest mode do all the operation like deleting virus from system32 folder and resetting registries after Virus attack. These antivirus application never asks for "We found a virus in System32 folder, Since I am running in Guest mode and unable to delete virus, so please enter Admin password so that I can delete virus"
I hope you understood what i mean to ask?
I want to develop a C# application which should run in any mode (Admin/Guest/Limited) and should be able to Create, Edit and Delete Windows Registries.
Note: Please do not answer this with "right click and Run As Administrator".
To the best of my knowledge, antivirus software solves this problem by running two (or more) processes: a user interface program running as the guest user, and a privileged process (usually a Windows service). The user program is not able to actually manipulate privilege-restricted resources (like secure registry hives) -- instead, it communicates with the privileged process (hopefully in some secure way) and the privileged process performs the privileged action on behalf of the user.
This is the same kind of technique by which programs ever access privileged resources, such as hardware. Your user-level process doesn't (usually) have the right to perform various hardware actions, like remapping memory in the MMU, but the OS does, and you can get the OS to do what you want by asking it to. System calls thunk into kernel mode, which is fully privileged. However, the system call interface limits the kinds of privileged actions which you can take.
I cant help but saying, NO, you cant do admin things under a guest account. And no- you cant programmatically bypass UAC.
Maybe the following 2 workarounds are interresting for you?
I believe antivirus software runs under the System account (can only be installed by an administrator). For your application, you can create a server/client architecture (both running no the same machine) where the server is installed by the administrator (as part of the whole package) and runs by default under the System account. Then you can use the client on the quest account to send commands to the server.
One other solution might be not to use the registry directly but use another underlying datastore which is accessible by a guest account and synchronize that on demand with the registry (startup and shutdown?), so you only need the admin to login once or twice during the run of your app.
In Windows just because your account is in the Administrators group doesn't mean it is privileged enough to be able to delete some system files. Is there a way to perform actions with this 'supreme' admin power in C# without having to login to Administrator account(Only using an account in the Administrators group).
EDIT
In my case it is a personal application (I'm sorry I didn't specify this) and I trust myself to not delete any system files or give any rogue virus access to this privilege. I am using a domain account on a personal computer and while I have got Administrator on my personal computer I don't want to keep switching between users. What I want is a simple way of running my program as the highest possible privileged user. Is there no way whatsoever unless logged in as a full Administrator?
Question Answered thanks. I have been informed that there is no possible way of launching an application with FULL administrator rights as you can in Linux with the sudo command. Adding a UAC manifest was helpful though as it specified how to implement rights into my app(http://msdn.microsoft.com/en-us/library/bb756929.aspx).
//closed
Background: I am by no means a windows security / user permissions expert. I have an application (written in C#), that has to be able to write / delete files & folders in its root directory, write / delete files elsewhere on the disk, write/modify values in System Registry (Local Machine) and start & stop other applications and services. I figure that I need administrator privileges for at least some of those actions.
I tried running this and on computers with UAC turned off it works great without any additional settings. However on computers with UAC turned on (any level above 'never notify' in Windows 7) it will crash. I need it to work on all computers.
Up to now I would just manually check the "run this program as administrator" checkbox and everything would be fine. However now we have decided that we will allow customers to install this software on their own, and it needs to run "out of the box".
I have a deployment project in Visual Studio 2008 that installs everything and writes the necessary start up data in registry. What I need to do now is to set the "Run this program as Administrator" flag. I am guessing this isn't quite as simple as I'd like it to be.
So What is the proper way of doing this? This program is started on startup, and it would be irritating for our customers if UAC would pop up (and possibly dim the screen) every time they restart their computer.
Thank you for your help.
EDIT: Thank you for your replies. I realise that working around UAC would be frowned upon, and I can see that Microsoft does not support "white lists" so it would ask for permission only once. That's fine I can respect that, however I do have some follow up questions:
Can you provide me with a link that will show me how to properly elevate the program to correct elevated state? Is there any literature on what are the options, etc... Basicly I'd love a UAC 101 guide.
Is there a way to elevate the security status when I need the extra privileges (and only then prompt with UAC). Basicly this applications runs in the background, doing mostly nothing for most of the time. Every now and again it will check some files (at this point I will require to be able to write to disk and read the registry (read only is fine at this point), however since it's a temporary folder it wouldn't matter where I'd put it. If there is a location where the application can write without any privileges that would be perfect.)
However at some point I will need to preform all the rest of the tasks (user needs to confirm this action anyway) so if UAC would prompt at this point that would be no problem. Is there a way to elevate it just at this point, and then return it to default permissions?
Will such a solution work with older versions of Windows, including Vista and Xp (and perhaps older?) What would it take to make it work?
The proper way is to elevate when the program starts, with the UAC prompt (which you can set via the program's manifest) - attempting to be clever and bypass it is frowned upon.
Think about it - if you could install something which would elevate automatically without the UAC prompt ... what would be the point of UAC?
To add a UAC manifest to a program you simply add the manifest in a project and edit it. A sample manifest for UAC is here. If you want to elevate at the last possible moment then you need a spawn separate process - you cannot elevate an existing process. So separate that bit out and then start it using
Process.StartInfo.UseShellExecute = true;
Process.StartInfo.Verb = "runas";
You need to rethink how your application works. You're quite correct that it would be annoying to display an elevation prompt on login. So don't do it. On the other hand, you may well have tasks which you need to perform using administrative access.
So you have two choices:
Change your tasks so that they no longer require administrative elevation (e.g., write your files elsewhere).
Break your application into a Windows service component and a user interface component. The service component can run under an elevated account (hopefully the least-elevated account necessary to perform the tasks you need to do). The user interface component can talk to the service (via named pipes or similar) when necessary.
You can split your program into two components:
a user application running without elevation
a Windows service that is responsible for the tasks that require elevation
Since you're using .NET, communication between the components is probably easiest done using WCF.
And as a side note: Programmatically modifying files under C:\Program Files is not considered good practice and might lead to a number of other problems. Windows has dedicated places for storing configuration settings and other program data.