How to declare a program as "trusted"

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How can I declare a program I know as "trusted" so that UAC does not always
ask me for authorization to run it?
Thanks for suggestions
 
You can't. It would defeat the purpose of uac. What would stop programs from
changing this setting them self?
 
Hello,
For instance by asking for my password. Can't UAC distinguish between my
input as user and what the program tries to do?

Once you've pre-approved an application to run elevated without consent, the
cat is out of the bag. Other programs can run that program and bypass their
privilege restrictions.

Imagine the case where you mark the command prompt as
always-elevated-without-prompt. Other programs could start a command prompt
and then run some payload from that elevated command prompt with full
privileges - without you knowing about it - thus defeating the purpose of uac.

As for your second point, YES Windows can be made to tell whether you are
performing UI - but it CANNOT know what you intend to do with the UI.

To use my command prompt example, Windows could be modified so that a
program could only launch the elevate-without-prompting command prompt when
you say click a button. But, a malicious program could pop up a message box
saying you won a thousand dollars and only offer one button, OK, for the user
to click on to dismiss the dialog - and when the user clicks that button, WAM
the payload would be executed.

Windows CAN tell when you are doing UI ... Windows CANNOT tell what you
intend to accomplish by performing the UI, nor what an application will do
with said UI.

- JB
 
Are you using one of the Beta builds or RTM?
UAC has steadily gotten better.
I rarely see it in RTM and have left it enabled.
 
I'm in the same boat here. I mark a program as trusted and was getting
pop-ups everytime I used it (inclueding I.E. 7) I got so tired of it that I
just shut down the uac and have been pop-up free ever since...
BTW: I'm running vista rc1(bummer) missed the boat on rc2......And stuck
waiting for vista to hit the stores...
--
Just when you thought you had the top of the line system...You find out that
you have to upgrade yet again. The pain gasp!!
The suffering!!
Until Payday!!! :)
 
You now have a system that anyone can use to access the computers and
servers protected by the VPN. Why use a VPN at all? Just put your
company's data on an open IP address so the world can do whatever they want
with it.
 
Hello,

You can make/change the manifest to tell Windows how much privilege the
specific application needs; however, this won't allow you to always trust an
application. If you specify in the manifest that the application needs
administrator privileges then the system will prompt with UAC.


- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
You can change the Windows integrity level as I understand and am currently
working with. Let me know if this makes sense to everyone:

http://www.minasi.com/vista/chml.htm

Check out the above link.

Users can change the integrity level of an object if they have the SeRelabel
Priveledge.

You can remove, edit and change the Windows integrity levels via this
command line program and write a new SDDL to the file. You can read the
mandatory levels with the vista command line tool ICacls ( I can run this
command from either an elevated command prompt or just the regular command
prompt, and I have been able to view Mandatory labels). You just need read
permission for the object in order to view the mandatory label.

Here is an example:

c:\users\wosully\appdata\locallow OSULLIVAN\wosully:(F)
OSULLIVAN\wosully:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
Mandatory Label\Low Mandatory
Level:(OI)(CI)(N
 
The integrity level of an object controls what applications can modify that
object. Changing the integrity level of an .exe would control what
applications can modify the actual .exe file, not what integrity level the
application runs at.

Of course, if you are a programmer and researched it enough you could
probably make a program that implements some sort of "trust always"
functionality, but this functionality is not built in to windows and I
believe it would be doing a great disservice to users to make such a program.
 
Hello,

What applications do you run all the time that requires administrator
privileges? I would guess that either they really should not need admin
privileges, or they could be redesigned to reduce or eliminate prompts :).

I think once the Vista-compatible applications are released, this will be
much less of a problem.


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
I've got the same issue, and I'm willing to take the risk and allow SOME
programs to auto run with full privilages.

The one program I use that wants confermation EVERY time. Microsft Visual
Basic Express 2005
 
Back
Top