0

I have a small app, that needs to change some stuff in the registry and open on startup and for that, I need to open the application as administrator.

I do not want the user to be asked every time if the app needs admin rights.

I tried adding a manifest file and including this line:

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

also, the application should work on stations that its users are not an administrator

is there any way to do such a thing? thank you for your help

JMIII
  • 320
  • 2
  • 16
Dor Lugasi-Gal
  • 1,430
  • 13
  • 35
  • 1
    Sounds dangerous, no? – TaW Aug 03 '18 at 16:25
  • haha, yeah , not for those purposes :) – Dor Lugasi-Gal Aug 03 '18 at 16:27
  • 1
    I'd ask what are you changing in registry? A lot of times same thing exists in HKEY_CURRENT_USER which you don't need admin rights to modify. – JMIII Aug 03 '18 at 16:29
  • yeah, I need to disable the task manager referring to this code https://stackoverflow.com/a/16611142/9615185 – Dor Lugasi-Gal Aug 03 '18 at 16:31
  • 1
    That is in current user hive so I wouldn't think you would be having an issue. – JMIII Aug 03 '18 at 16:33
  • No just tested and doesn't work on my system. Hmmm There must be some different permission there. Have you looked at subinacl? – JMIII Aug 03 '18 at 16:39
  • https://stackoverflow.com/questions/53135/what-registry-access-can-you-get-without-administrator-privileges Well I know I am not crazy at least – JMIII Aug 03 '18 at 16:42
  • https://stackoverflow.com/questions/27184781/c-sharp-disable-task-manager-error Here is where someone else is having issue. – JMIII Aug 03 '18 at 16:46
  • What is environment? I just pushed the system key through group policy as it did not exist on my computer and edited permissions and it runs without that issue. Is that an option for you? – JMIII Aug 03 '18 at 16:47
  • not sure I understood, can you explain? – Dor Lugasi-Gal Aug 03 '18 at 17:00
  • I basically used group policy to modify to permissions for that key and app runs without needing elevation now. https://serverfault.com/questions/390097/can-i-use-group-policy-to-set-the-permissions-on-registry-keys – JMIII Aug 03 '18 at 17:06
  • this app should work on about 400 computers, what you suggest, is to manually adjust settings? – Dor Lugasi-Gal Aug 03 '18 at 17:55
  • You have changed the question but don't show relevant code. Please do! – TaW Aug 03 '18 at 17:57
  • @DorLugasi No group policy can change the security permissions of that registry key to all 400 computers easily with no manual labor on your side. Also every time computer is added to domain it will automatically get. Lastly if the goal is to turn it off for 400 computers permanently you don't need to even create this and can just use group policy to push the registry change. – JMIII Aug 03 '18 at 18:37
  • this is just a part of the application of course, TaW, there is no relevant code. this is just a WinForms app running, – Dor Lugasi-Gal Aug 03 '18 at 22:14
  • I understand what you are saying. but, I know for a fact that this code can work without asking for permission, because we've tested it on another computer, and it did not throw the exception, any idea why? again, just adding key to the registry as mentioned above – Dor Lugasi-Gal Aug 03 '18 at 22:15
  • I agree it shouldn’t as you should have access to modify hkey_current_user. Who knows could be Microsoft update or something. I’d try on a fresh install or something to compare. – JMIII Aug 04 '18 at 02:34
  • actually, it was on windows 7 and the user was an admin on his station, maybe it is related? – Dor Lugasi-Gal Aug 04 '18 at 12:36

1 Answers1

1

It sure sounds like you are trying to ask for a way to bypass the security token on a key. That is simply not possible.

If the user is not an administrator, then nothing is going to let them edit a key protected by an ACL that only allows administrators to change it. If that was possible, then the entire security system is completely broken.

If your app REQUIRES admin rights, which is what you are requesting in the manifest, then you will be prompted every time it is started. There is no work around for this short of disabling UAC altogether (if there was, apps would simply always bypass UAC and make it useless).

If you REALLY need to do this, the way I would do it is with a custom action in your installer that modifies the ACL protecting the key in question to allow users to modify it. Then you wouldn't need your main application to have admin rights in the first place.

Eric W
  • 579
  • 4
  • 14