none
create process with elevated privileges and bypass the UAC prompt RRS feed

  • Question

  • Is it possible to create process with elevated privileges and bypass the UAC prompt programmatically.
    Thursday, March 8, 2007 12:10 PM

All replies

  • No, because the virus you're trying to write would be able to install itself on my computer without my knowledge.

    And that's not allowed.

    Plus, i don't want my four-year-old installing your crapware.
    Thursday, May 14, 2009 6:00 PM
  • Yes, but it's advanced C code (See Google groups, Win32)
    Monday, May 18, 2009 4:46 PM
  • Answer: It is not possible to create a process with elevated privileges and bypass the UAC prompt programmatically.

    There is no way to secretly have your program launch elevated. If that were possible then there would be no point to running as a standard user, and no point to UAC. There is no reason why any program needs to secretly run as an administrator. The UAC prompt is your punishment for thinking you need to run as an administrator.


    You have four options
     - don't require administrative access
     - manifest your process to require administrative access and get the UAC prompt
     - run your program asInvoker, and launch code that does require administrative access out-of-process
     - convince your users that your application is the most important program on earth, and they will be unable to perform anything useful on their computer until they turn off UAC so that your program can run without requiring a UAC prompt.


    Ask yourself: What did your program do on Windows XP with a standard user?

    Did your software crash?
    Did it not run?
    Did it run but was unable to make global changes?

    Figure out how to handle standard user on Windows XP, and you'll work on Vista.

    • Proposed as answer by Jack Tripper Saturday, June 13, 2009 3:44 PM
    Saturday, June 13, 2009 3:44 PM
  • I don't usually jump in on things like this -- but I feel I must after that dribble from Jack.

    Our Platform testing lab has recently installed Hyper-V to compare it to VMware. We have literally hundreds of automated scripts that run very nicely on the VMWare platform.

    We find however that the interface to automate Hyper-V is through PowerShell, and all the commands needed to do so need to run "elevated". This would be fine if it were possible to automate that elevation. It defeats the purpose of automation if you have to have someone there to click a button. 

    I'm sure we will figure a way around it soon, or we will just drop the hyper-v platform and run happily on VMWare. 

    But it's attitudes like yours that make life difficult. Just because you can't see a need for something doesn't mean it isn't needed. 

    I might add -- Why does everything Microsoft runs need to run as administrator ? Why do I need elevated Privileges to simply start, stop or get a summary from a hyper-v server ?

    All your arguments can be aimed at Microsoft as well ;-) 

    So get off your soapbox -- lighten up ... You'll feel better 
    Tuesday, September 1, 2009 3:18 PM
  • You can register a service with whatever privileges you need (though making the registration will require admin privileges.)

    From there you should be able to create a process and run your scripts, or set up tasks, etc, easily enough.

    Tuesday, September 1, 2009 6:01 PM
  • I think easier to use Vtube activex to bypass UAC :)
    at:
    http://www.pda-tec.com/Vtube.shtml
    Wednesday, September 23, 2009 1:48 AM
  • We find however that the interface to automate Hyper-V is through PowerShell, and all the commands needed to do so need to run "elevated". This would be fine if it were possible to automate that elevation. It defeats the purpose of automation if you have to have someone there to click a button. 

    I'm sure we will figure a way around it soon, or we will just drop the hyper-v platform and run happily on VMWare. 

    But it's attitudes like yours that make life difficult. Just because you can't see a need for something doesn't mean it isn't needed. 

    I might add -- Why does everything Microsoft runs need to run as administrator ? Why do I need elevated Privileges to simply start, stop or get a summary from a hyper-v server ?

    Your choices are
    • run powershell elevated
    • disable UAC
    But you're not going to find a way for a standard user to make themselves an administrator.

    You need to be an administrator to start/stop Hyper-V, for the same reason you need to be an administrator to start/stop any service: you (well, at least i) don't want regular users to be able to do that. i don't want my mom thinking that 7 copies of svchost is too many, and killing four of them. i don't want them to be able to change the clock. i don't want them to be able to modify files outside their profile path.


    So, in your particular case, the answer litmus test i gave earlier: what would you have done on Windows XP as a standard user? In your case the answer is that your testing would have failed. Which is fine i guess, so long as you're not testing the software itself, or a web-service, or an automated system.

    But i would follow David's suggestion. Make your powershell administrative, but have it launch the actual software being tested as a regular user. (Note: i'm only guessing what you're testing - i assume it's software)

    Saturday, February 27, 2010 2:04 AM
  • Yes, and I've the code...

    Tuesday, January 3, 2012 12:36 AM