-1

I'm developing an iventory software for my company that demands administrative rights (WMI calls, registry access, etc.). For convenience I do no want the UAC to prompt the user for clearance to execute the app (yes, I must force the app to run even if the the user doesn't want), and I can't disable the UAC via GPO (would be perfect but a pain in the ass). I first tried to pass an AD administrative account credentials to the inventory software using another process (Processinfo on C#) but the UAC prompts remained. After a few research I discovered that if use the local Administrator credential it wouldn't give me any annoying prompt but since my company's environment is a mess, there are many stations with different credentials other than the standardized. Does anyone have any idea of how I could do this? (Using .net C#).

Paulo
  • 29
  • 2
  • 1
    Use a service or a scheduled task instead. – Hans Passant Oct 26 '15 at 22:41
  • 2
    Imagine you found a way to bypass UAC. Now extrapolate that to all the virus/malware writers that are constantly targetting windows. It's not there for your inconvenience, it's there to protect users. – James Thorpe Oct 26 '15 at 22:42
  • 2
    "yes, I must force the app to run even if the the user doesn't want" - I mean, that's the entire reason UAC exists. – Rob Oct 26 '15 at 22:50
  • Your approach to this seems unrealistic. Try to fit in with the system rather than subverting it. – David Heffernan Oct 26 '15 at 22:55

1 Answers1

1

I have accomplished this using the Task Scheduler Managed Wrapper. Be sure that you provide the local administrator group credential in setting up the task. Here's how I do it in my code:

        using (TaskService ts = new TaskService())
        {
            try
            {
                //Create a new task definition and assign properties
                TaskDefinition td = ts.NewTask();
                td.Principal.RunLevel = TaskRunLevel.Highest;
                td.RegistrationInfo.Description = "Paulos Task";
                td.Triggers.Add(new TimeTrigger() { StartBoundary = Convert.ToDateTime("01-01-2003 00:00:01") });

                // Create an action that will launch PauloApp whenever the trigger fires
                td.Actions.Add(new ExecAction("PauloApp.exe", "", Environment.ExpandEnvironmentVariables(@"%ProgramFiles%\Paulo")));

                td.Settings.DisallowStartIfOnBatteries = false;
                td.Settings.StopIfGoingOnBatteries = false;

                ts.RootFolder.RegisterTaskDefinition("PaulosTask", td,
                   TaskCreation.CreateOrUpdate, "Administrators", null,
                   TaskLogonType.Group);

                // Register the task in the root folder
                Microsoft.Win32.TaskScheduler.Task t = ts.FindTask("PaulosTask");
                if (t != null)
                    t.Run();
                else
                    //could not find PaulosTask
            }//end try
            catch (Exception e)
            {
            }
        }//end using
Krondorian
  • 616
  • 1
  • 9
  • 21
  • Do I need to provide local credentials or can I use domain credentials with administrative privileges ? – Paulo Oct 27 '15 at 00:34
  • I have only tested it using the local administrators group. I suppose you could also use domain credentials, but if you did that, I would think that every system you deploy your app to would need to have your domain windows username existing as a Windows admin on the local system? – Krondorian Oct 27 '15 at 15:42