3

I have a workstation on a domain that's displaying the UAC (User Account Control) prompt for executing a program and I can't figure out why (I don't want it running with administrator privileges).

It's a Windows 7 workstation and Windows Server 2003. None of the other workstations are exhibiting this symptom (logging in with the same user account). The EXE file is on a mapped network drive. In the shortcut's Compatibility properties, the "Run this program as an administrator" is NOT checked. There's no manifest on the application requesting administrative privileges (and none of the other workstations are getting prompted).

What other Windows settings can trigger the UAC prompt for an executable?

Bart De Vos
Scott Bussinger

3 Answers

1

There seems to be a Windows internal list of programs that require the UAC dialog, even though they don't have a manifest. It is not very transparent how exactly Windows goes about determining if a given executable should always display the UAC dialog on startup.

I stumbled over this with the Bitstream Font Navigator, which comes together with CorelDraw. If I just rename the FontNav.exe to FontNav1.exe, starting it no longer displays the UAC dialog. Windows is using more information than just the file name, however; renaming another exe without a manifest to FontNav.exe did not bring out the UAC.

The way I see it you have two options:

  1. You can just rename the exe and deploy it as it is
  2. You can add a manifest to the executable (using the mt.exe tool, see the bottom of this MSDN article), specifying the following behaviour:
    • asInvoker — Never displays the UAC dialog
    • highestAvailable — Displays the UAC dialog for members of the admin group. Regular users get no dialog; they always start the application with user rights
    • requireAdministrator — UAC dialog is always displayed

When going for the manifest option, asInvoker would be my choice.

Treb
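To check what an executable actually declares before renaming it or adding a manifest, the following added example (not code from any of the answers) looks for a `requestedExecutionLevel` element in the EXE's bytes and in a side-by-side `.manifest` file, then maps it to the behaviours listed above. It assumes the manifest is stored as plain UTF-8 XML; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# UAC behaviour per requestedExecutionLevel, as listed in the answer above.
BEHAVIOUR = {
    "asInvoker": "never displays the UAC dialog",
    "highestAvailable": "UAC dialog for members of the admin group only",
    "requireAdministrator": "UAC dialog is always displayed",
}
# Matches <requestedExecutionLevel level="..."> with an optional namespace prefix.
LEVEL_RE = re.compile(
    rb"""<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*["'](\w+)["']""",
    re.I,
)

def manifest_level(data: bytes):
    """Return the requested level found in raw EXE/manifest bytes, or None.
    Assumption: the manifest text is UTF-8/ASCII, not UTF-16."""
    m = LEVEL_RE.search(data)
    return m.group(1).decode("ascii") if m else None

def audit(exe_path):
    """Return (level, explanation) for an EXE, checking the embedded manifest
    first and then an external <name>.exe.manifest next to it."""
    exe = Path(exe_path)
    level, source = manifest_level(exe.read_bytes()), "embedded"
    sidecar = exe.with_name(exe.name + ".manifest")
    if level is None and sidecar.is_file():
        level, source = manifest_level(sidecar.read_bytes()), "external"
    if level is None:
        return None, "no execution level declared; Windows applies its own rules"
    return level, f"{source} manifest: {BEHAVIOUR.get(level, 'unrecognised level')}"

# Constructed sample: a fake PE stub followed by a manifest fragment.
SAMPLE_MANIFEST = (
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
    b'<requestedPrivileges>'
    b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'
    b'</requestedPrivileges></security></trustInfo></assembly>'
)
FAKE_EXE = b"MZ" + b"\x00" * 64 + SAMPLE_MANIFEST

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, *audit(path), sep=" | ")
```

Running it against the same EXE from the affected workstation and from a working one shows whether both machines see the same declared level, which separates a manifest difference from a per-machine Windows setting.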
0

First thoughts

  • Is it set to run as admin on other boxes?
  • Is UAC disabled on other boxes?
  • Is any local log path in a privileged directory?

Edit: Based on comments on the other answer, try caspol to establish the network drive as trusted.

It's been some time since I've had to do this, sorry, so YMMV.

gbn
  • No it's not running as an administrator on the other boxes. UAC is not disabled on the other boxes. The UAC prompt occurs prior to the execution of the application so what it might happen to access while running couldn't affect this. But it writes only to the user's profile folder anyway so that shouldn't be an issue. – Scott Bussinger Feb 21 '11 at 21:59
0

Lots of things. To start with:

  • Accessing restricted areas of the registry
  • Accessing restricted areas of the file system
  • Setting system environment variables
  • Executing a file from an untrusted source

What's the executable supposed to do?

squillman
  • It's an in-house developed application so we have total control over it (that's how I know it doesn't have a manifest). UAC prompts occur prior to the execution of the program so what operations it actually performs won't affect whether the UAC appears or not. In any case, no privileged operations are performed (remember that it works on all the other workstations). The "untrusted source" is a possibility though since it's a network drive. I'm not sure why this particular system would be different. Other than in "Internet Options", is there any place that specifies untrusted sources? – Scott Bussinger Feb 21 '11 at 22:11