Ignore UAC for specific programs

Is it even possible?


First of all, I really like UAC and I think it is big step forward. I got it enabled on my developer PC…


But there are few programs that I run pretty often and UAC can be quite problematic – for example Regedit or MMC. I always run at least 2 programs with highest priorities (Total Commander and CMD session), usually under different account (with higher priorities).


Problem with UAC is that there is no exclusion list… So yesterday I decided it is time to find some workaround.


Result is first version of Elevator – program that will add new Elevate me entry to context menu.


Using this you can bypass UAC without disabling it.


To show you example, MMC always require admin privileges and you must also click that you want to run that program (sorry for no video – got some problems with my web cam).


See what happens when we use Elevator.


 


How does it work?


Few days ago I tried to run some scheduled task that required admin privileges. After some investigation I found out that you can specify that scheduled task can run using highest privileges:



These scheduled tasks don’t prompt you with UAC. First idea that came to my mind was – OK, so if scheduled task runs on demand, then it should in fact disable UAC for specific program? I tried it and it worked… So for some time I was using on demand scheduled tasks – for example instead of running MMC I run Schtasks /Run /TN “Elevated\MMC”.


This was working fine – problem was that you needed to prepare your tasks. So I started to think about some general parser – something universal, easy to implement and use etc.


So I came with idea of two executables – first will prepare “configuration” (what to run etc.) and second will parse this configuration (but from scheduled task).


I tried this concept – Elevate me context menu points to ElevateRunner, ElevateRunner creates configuration in ElevateThis and then runs scheduled task called Elevator that will parse through this folder and run anything in it. Quite advantage is that neither ElevateRunner nor Elevater needs to run – they are not residents programs and they dont monitor something, so they are pretty quick and perform well (whole installation is about 36k).


Concept is definitely not the best, but it works at least for me and compared to ACT solutions it works for every program. This is definitely not solution for normal end users.


If you will decide that you give it a try, let me know if it works for you… I always love to get some feedback (maybe I will change my utilities to feedbackware ;)).


 


Installation


UPDATE: David Phillippo pointed out there was error during installation (hardcoded path was not only in template, but also in reg files). When I tried to fix this, I accidentaly rewrote whole installation script – so there is no need to modify now anything. Just unpack, run install and new context menu should appear. Please dont forget however that you must run Install.cmd in elevated mode!


  1. Download and unpack SkipUAC.zip to any location.
  2. Run Install.cmd – YOU MUST RUN IT ELEVATED! This is final step. Now you should have Elevate me in context menu for all executables and it should work fine.

 


Uninstallation


Uninstallation is pretty easy – simply run Uninstall.cmd script and then you can delete whole folder.


 


Download


Be aware that this is pre-alpha version, only proof of concept that it can be done. Because I try to share as much as possible, I will also provide you with elevator:


 


UPDATE: New version uploaded – it now works for all files, not only exes. If you want to specify some shortcut to always run elevated, check following blog post.

30 thoughts on “Ignore UAC for specific programs”

  1. Installed and hacked about with it for a bit- works fine now.

    The installer didn’t seem to create the registry entries, however it did manage to create the task with all the right settings. To add them I just merged them manually- click on the “.reg” files in “/install”.

    Also, I think you forgot to mention to change the registry paths in “Install/CreateContextMenu.reg”. They still point to your path of “C:\\Data\\SkipUAC\\ElevatorRunner.exe”. Once I changed them it worked fine.

    Great POC though. Maybe it will make it to an alpha or beta at some stage? *shameful hint*

  2. Hi David,

    thanks for info, I will try to fix it next week… Of course it was my mistake, .reg is using hardcoded path :(

    Before moving this POC I want more people to test it and report any bugs – did everything work for you (after you corrected my mistake ;))?

    Martin

  3. @David: it is fixed now… content of .reg and also template.xml is now based on current folder, so there is (or shouldnt) be any need to do anything except running Install.cmd…

    Well, maybe this means that it is no longer POC, but alfa version ;) Which features\changes would you like to see??

  4. That’s a cool idea! I wrote a frontend for CPAU that does pretty much the same thing for XP. My major concern with CPAU is that it doesn’t encrypt the information very well, and, as it sits, is a command line tool only. Could you write a version of Elevator for XP that works like CPAU, only better?

  5. Heya,

    well, what exactly would you like to see? ;) If you could prepare some list of features, then I will try to write it ;)

    Martin

  6. It doesn’t work for me. I install it (running as administrator), and I get the “Elevate me” context menu. But the program I want to run still prompts me for a User Account Control login every time.

  7. Hi CNB,

    that is strange, should work fine… What is the name of program?? Can you run anything (proven example is mmc.exe or cmd.exe)?

    Martin

  8. Hi there

    I think this app is a great idea. BUT:
    It doesn’t work for me. I tried it with mmc.exe and i get this error (when clicking Elevate me or dragging the shortcut on ElevatorRunner.exe):

    —————————
    ElevatorRunner
    —————————
    Errors encounetered:

    Der Zugriff auf den Pfad C:\Program Files\Elevator\ElevateThis\1009519115.execute wurde verweigert.
    —————————
    OK
    —————————

    Translation of the 3rd line:
    Access to path C:\(…)ElevateThis\1009519115.execute has been denied.

    (I am using a German Vista, could that cause the problem?)

    Greetings
    TheSwissGuy

  9. Hi Swiss Guy ;)

    Should work… I will try to investigate little more, can you meanwhile try to copy it outside Program Files (anywhere else)?

    Does it work or it gives you same error?

  10. Good tip, it works outside the program files folder :) (But why doesn’t it work inside? – I think you should add this as a hint to the installation instructions.)

    I tried it and it really is a good app…

    And I already have a request :D
    Would it be possible to add something like “Always Elevate” to the context menu? – Which would simply create a copy of the Shortcut and add the path of ElevatorRunner.exe into this copy…

    Keep up the good work :D
    TheSwissGuy

  11. Hi

    looks like my first reply wasn’t submitted, so I try it again…

    Just wanted to say that it works great outside the program files folder (why doesn’t it inside?). Maybe you should add a note about that to the installation instructions…

    And I already have a request :)
    Would it be possible to add a “Always Elevate” to the context menu, which would create a copy of the shortcut and add the path of ElevatorRunner.exe into it?

    swissguy

  12. @martin
    The application worked fine for me once I had altered the hardcoded paths. The only thing that did not work was when I tried to launch a program that required some config files in a relative folder (namely Joost).

    I will try installing the new improved version now and see how it goes.

    As for any improvements, it would be useful to whitelist certain programs so they are always elevated- something that again Vista’s UAC is lacking. I suppose this could be achieved in part by creating a shortcut to elevator.exe with the required parameters for the program you want to launch.

    Thanks, and keep up the good work!
    David

  13. @SwissGuy: reason is pretty simple (and I was stupid that I didnt think about it). For every application you want to elevate, you must create configuration file (so ElevatorRunner is creating configuration for Elevator). This configuration is created in same folder as application – and you cant write to Program Files of course ;)

    So for next version, I will change this path to user profile definitely ;) Sorry for this (very stupid) bug in my brain ;)

    Regarding “Always elevate”, I could add shortcuts creator (right now I am working on offline shortcuts editor utility, so that fits nicely), but I also want to find some time to create beta of HookApp from current POC (HookApp allows you to specify rules for processes – for example lock them by password, redirect them (whenever iexplore.exe is launched, launch Firefox instead) or modify them (one example is auto elevation)…
    My girlfriend is leaving for 3 months (19th of June), so I will have plenty of time to finish this :'(

    @Jens: Yep, that what lead me to creation of Elevator :D I tried that for few programs and it was working only for 1 out of 5 :( Even that MSDN article was removed :( What I want to try later is to create IgnoreUAC shim layer instead of shim itself – that could make that method much reliable (using shim only affects current process, using shim layer (aka compatibility mode) also all children processes.

    @David: Joost is working ;) Problem is that configuration is called using ..Application.ini (or something similar). I got it as open bug – Elevator is changing working copy and that is why it doesnt work. If you change argument to FQDN, it works correctly (got it working here). As you mentioned, using cmd for ElevatorRunner would also work correctly (see http://msmvps.com/blogs/martinzugec/archive/2008/05/19/elevator-command-line.aspx)

    Martin

  14. The install.cmd still doesn’t work – and I am running as administor:

    C:\Program Files\Elevator>install
    The system cannot find the path specified.
    The system cannot find the path specified.
    The system cannot find the path specified.
    ERROR: The task XML contains an unexpected node.
    (1,9):Command:
    C:\Program Files\Elevator>

  15. @Akidd: Hi, that is very strange… It looks like you are missing Src folder, can you please check it (C:\Program Files\Elevator\Src)?

    Don’t forget that Install.cmd must be elevated in order to run correctly…

    There should be 4 files:
    BeginTemplate.xml
    CreateContextMenu.reg
    DeleteContextMenu.reg
    EndTemplate.xml

    If everything is ok, can you please open Install.cmd, change @Echo off to @Echo on and re-run it?

    Martin

  16. OK my bad. I didn’t extract the SRC folder as I assumed it was the program source. Now all works as expected. Again thanks for this work.

  17. Hi,

    I tried using elevator and the first time I tought: EUREKA, I found something that actually does what I want.  But then somehow it stopped working although I was still using it to open the same program.  

    When I click ‘elevate me’, it doesn’t seem to react or something.  It also doesn’t appear in task scheduler, nor does it when I first elevate it and then run elevatorrunner.exe.  When I run elevator.exe it starts opening all the things I wanted elevated, but it gives me the UAC for it.

    The program is located at: c:\software\map\program.exe

    Do you have any help perhaps?

  18. Hi Pieter,

    are you using latest version? If yes, just run Uninstall.cmd and then Install.cmd (just be sure that you are runnning Install.cmd elevated, otherwise Elevator won’t work!).

    If that won’t help, try running (from cmd) command schtasks /query /tn Elevator and paste output here (Couldn’t not run is normal, because it is manual job).

    Martin

  19. Downloaded the program just this afternoon, so I’m guessing i’m using the latest version.
    When I use that command, when I’m logged in as administrator for cmd, it says:
    Execute next time: not appropriate or something, trying to translate, just not needed
    state: ready
    When I use it as a regular user it says: you don’t have the needed rights.
    That’s probably the problem.

  20. Ah, now I probably see problem :) You are running under different account. What you need to do in that case (didn’t test it though) is that you go to scheduled tasks and add your account permissions to run that scheduled task, that should do the trick

  21. This is worse than turning off UAC all together. if any other program uses ElevatorRunner, it can bypass UAC, but you will still think, incorrectly, that you have some level of security added by UAC.

    In addition to creating a huge security hole, it doesn’t add functionality. You can use task scheduler to create a task that runs a specific program with highest privelages, then create a shortcut to run it. With this method you are limiting the Highest privelages to that specific program; with your program any program that wants to can have highest privelages.

    Overall i would say that this is a program that shouldn’t be installed by anyone.

  22. Hi Michael,

    on one hand I totally agree with you. There are few posts\projects I wrote for this blog, but never published them because I think they are too dangerous.

    On the other hand, I am really disappointed by fact that there is really no easy way how to work with UAC if you
    a.) like to use desktop as kind of dashboard (one window maximized, rest in tray, if you don’t need something, close it immediately and open it when needed)
    b.) are administrator\consultant and need to run tools like MMC all the time
    c.) prefer keyboard to mouse

    Initial idea behind elevator was only to make it easier to create scheduled tasks automatically, however then I thought about adding it to all programs. Don’t forget that this is not fully fledged application, but proof of concept.

    If I would try to write full application, it would rather allow programs based on hashes or similar rules.

    I am gathering feedback on it right now, most people find it very interesting and user friendly. As I said it is only POC and is not used broadly, and without huge user base there is almost no risk of viruses spreading using this technique. If I will see that more people are using it, I would create much more secure version and remove this.

    As I said before, I totally agree with you – difference is that for me this approach is only POC, you see it as application for end users.

    Martin

  23. Unfortunely, according to my own test, this work only for Administrators.
    I tried to install SkipUAC as an Administrator and try to run a programm with “Elevate Me”, but no reaction.
    The problem is that the task created by the admin is not accessible by a user.
    Moreover you cannot create a task with maximum privileges as a user.
    Have you got a solution ?

    My originateing problem is that LiveViewer3, a network projector software from Hitachi, need elevation and I want normal users use it without any privilege.

  24. Ran it as admin and installed it, I have “Elevate Me” when I right click an exe or shortcut. However when I click it it brings up the box for “Choose the program you want to use to open this file.” So doesn’t work for me, ok thats fine I’ll uninstall it, follow your easy uninstall process and delete the folder… and “Elevate Me” is still there when I right click. Any solution to get this off my computer or working properly would be appreciated.

  25. Let’s try to fix it – your situation is very strange.

    1.) Download Elevator.
    2.) Open Install.cmd
    3.) Remove first line (@Echo Off)
    4.) Run ELEVATED Install.cmd – run it from cmd.exe itself, not from Explorer
    5.) Send me output to martin.zugec at gmail.com

  26. Interesting program – though it doesn´t seem to work properly. Have installed the prog. ran with admin rights. I do have the elevate me, when i rightclick any program. All the files mention on this blog are listet in folder placed under C:\skipUAC???

    Any ideas on the issue?

  27. Hi Mads,

    1.) Run elevated cmd.exe
    2.) Change @Echo off to ::@Echo of in Install.cmd
    3.) Run Install.cmd and send me output

  28. I didn’t use your program since what I was trying for seemed slightly different and I’m stubborn like that, but I wanted to thank you very much for the idea.

    I’m on a College network and they require a program running for computers on the network (Cisco’s Clean Access Agent). Because of UAC, I was having to click through a few prompts and re-input my logon information everytime my computer started, which was very annoying.

    Task Scheduler solved the problem, though! It wasn’t as easy as running it on Computer Start or user logon, unfortunately, but having the event trigger when I connect to the network worked perfectly.

    Thanks again, Sir!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>