UAC and access to HKCR (Registry)

  • Thread starter Thread starter Michael Schwarz
  • Start date Start date
M

Michael Schwarz

Hi,

I have following problem: A simple file copy and COM registration tool
displays a dialog with "An unidentified program wants access to your
computer". I know that there are restricted user rights for administrators,
too, but is there any way to get rid of this messages (without having to
disable UAC)? I'm searching for something like using a certificate for this
application and put the certificate in the trusted publisher store. Using
makecert to test this doesn't work, maybe I did it wrong, is there any
step-by-step help?

Thanks for your help!

--
Best regards | Schöne Grüße
Michael

Microsoft MVP - Most Valuable Professional (ASP/ASP.NET)
Microsoft MCAD - Certified Application Developer

http://weblogs.asp.net/mschwarz/
http://www.ajaxpro.info/
 
Hello,

Any access to administrator-only areas such as HKLM will have to be done
from an elevated process. There is no way to specify that only that
particular application can elevate without prompting. This is to prevent
malicious applications from utilizing elevate-without-prompting applications
to elevate their own privileges.

Signing the file with a certificate may alter the appearance of the UAC
prompt (to make it appear less threatening), but it will not make the prompt
go away.



- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/
 
Hi Jimmy,

thanks for your reply.
Signing the file with a certificate may alter the appearance of the UAC
prompt (to make it appear less threatening), but it will not make the
prompt go away.
Click to expand...

I tried to put a MSI file in the Active Directory, and this MSI file could
write to the HKCR. So, is this maybe the solution to put everything in a MSI
file instead?

Michael
 
Jesper said:
MSI files being plumbed down from AD are installed by the Windows
Installer
service (I think) which is already running elevated. That is why those do
not
require any kind of interaction.
Click to expand...

Also, services don't get UAC - because a service generally has no user
interaction (which is a good thing), it will either have the right
privilege, or it won't have the right privilege to do a particular
operation.

Alun.
~~~~
 
Back
Top