1

I have a binary which creates and later removes entries from Program and Features (also comes up in Add/Remove Programs). While I can get UAC permissions when creating the entries, my requirements do not allow me to show a UAC prompt when I need to remove the entries. This makes sense as you should need admin permissions when deleting registry entries from HKLM.

But I have noticed that I am able to uninstall the entries from the Program and Features window without a UAC prompt. How is uninstalling from there, which invokes my binary anyways, different from me invoking my binary directly? Is there some way I can run my binary the same way and avoid the UAC prompt?

sohil
  • 508
  • 1
  • 3
  • 14

1 Answers1

1

By default, UAC gives special treatment to the built-in Windows control panels, allowing them to silently elevate. Because of this, when your uninstaller is launched from Programs and Features it is already elevated and does not need to prompt.

There is no way to make Windows treat a third-party application in the same way, although the user can change the settings so that all applications elevate silently - or, conversely, so that control panels don't elevate silently.

Harry Johnston
  • 35,639
  • 6
  • 68
  • 158
  • I had thought of this, but the UAC prompt is shown for other uninstallers but not when launching my uninstaller. Shouldn't the elevation behavior be uniform for all uninstallers? – sohil Sep 11 '12 at 09:38
  • I've seen the same behaviour, but not always. I expect that it depends on the internal structure of the uninstaller and/or how it is registered. – Harry Johnston Sep 11 '12 at 20:49
  • Can you give any suggestion about where I could find documentation or where I should ask this? – sohil Sep 12 '12 at 10:22
  • Well ... I guess if you can identify a piece of software that requires additional elevation you could ask the vendor about it. But I don't really see the point. We already know the important fact, that an application launched in the normal way can't elevate itself silently. – Harry Johnston Sep 12 '12 at 21:11
  • The special treatment is given to "non-Windows" or "non-Microsoft" binaries. I cannot find any details of what that exactly means, but the setting is the Local Security Policy setting called "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode", for which the default value is "Prompt for consent **for non-Windows binaries**." This means: "When an operation **for a non-Microsoft application** requires elevation of privilege, the user is prompted [...]" (emphases mine; see http://technet.microsoft.com/en-us/library/dd851609.aspx). – MarnixKlooster ReinstateMonica Apr 24 '14 at 12:18
  • @MarnixKlooster: not all MS binaries are on the whitelist, for example `cmd.exe` is not. Note that the Group Policy editor is not reference documentation; the names of the various options don't necessarily provide a precise description of their behaviour. – Harry Johnston Apr 24 '14 at 22:34
  • @HarryJohnston So _is_ there any reference documentation on this point? All I could find are the vague labels "non-Windows binaries" and "non-Microsoft application". Please extend your answer to prevent chat-in-comments. :-) – MarnixKlooster ReinstateMonica Apr 25 '14 at 05:32
  • What did you want to know, exactly which executables are in the whitelist? I doubt MS have documented that, but it doesn't matter, we don't need to know. – Harry Johnston Apr 25 '14 at 09:33