UAC dialog box

  • Thread starter Thread starter Toad
  • Start date Start date
T

Toad

A long winded question.

In Windows XP and 2000, one can write an application that performs a
ShellExecute with the "runas" verb to launch the Run As dialog box. I
have extended this to then automate the dialog by clicking the run as
another use radio button, filling in the user name and the password,
etc. as dictated by command line options.

In Vista, the Run As dialog looks completely different and I suspect MS
has secured the dialog so that it cannot be automated via SendMessage
calls (let alone that it doesn't look like a traditional dialog). Does
anyone know if this is true, or can the Vista RunAs dialog be automated
as in XP and W2K ?

The reason I ask is that I would like to control the which user is
selected instead of having to click down the list in the Vista dialog...

Toad

--
 
Sorry, you can't do that. The dialog is on the secure desktop and you cannot
send Window Messages to it from a user mode application. It is actually there
specifically to prevent user mode applications from sending Window Messages
to it. The ability to send those messages to a sensitive application is known
as a "Shatter Attack" and was the cause of many security bulletins and
updates in the Windows XP era.

If you had a service on the secure desktop already you might be able to
control it. I haven't actually tried that. That would not be a vulnerability
because you already have trusted code on the box in that case.
 
With Vista you need to use a manifest to either tell Vista to run as invoker,
highestavailable or AsAdministrator.

Preferably an embedded manifest at that, here's a sample:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>

Here's some links:
Understanding and Configuring User Account Control in Windows Vista
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true

The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements
for User Account Control (UAC)
http://msdn2.microsoft.com/en-us/library/aa905330.aspx#wvduac_topic6
 
Back
Top