Question How do I run c# application as published user within UAC dialog

Kamen

Kamen

Active member
Joined
Nov 30, 2020
Messages
28
Programming Experience
1-3
Skydiver said:
You can read from Program Files without admin rights.

You can change Time Zones without being an admin. Do you really need to change the time when modern Windows actually synchronizes itself with NTP servers which use atomic clocks to keep time?

The correct thing to do is to get the UAC only at the time when you are trying to do something that actually requires admin rights, at the time when you need it. You don't want to always be running as admin. By always running as admin, you open up the attack surface for viruses. A virus will just have to inject itself into app instead of trying to inject itself into other more will known apps/processes which are more actively monitored by AV software and/or Windows Defender.

Please follow the Windows Guidelines with regards to UAC:
docs.microsoft.com

User Account Control (Design basics) - Win32 apps

A well designed User Account Control experience helps prevent unwanted system-wide changes in a way that is predictable and requires minimal effort.
docs.microsoft.com
Click to expand...
Hello.
Thanks for your kind help.
I made my c# app to run as an administrator using process reference instead of requireAdministrator excutionLevel . So my app run in startup and I can write file and change system time.
By the way my app has some problem still now. It seems to be UAC problem.
Whenever my app start on windows 10 64bit, "unknown publisher ..." message popup now.
I attached the message screen now. If I set UAC level to lowest(never notify) in UAC setting, I never get this message but I want to keep the level and prevent this message.
Can you help me in this section?
 

Attachments

  • 2021-01-07_00h33_28.png
    2021-01-07_00h33_28.png
    44.2 KB · Views: 38
Solution
Skydiver
I understand now. Nowhere in this thread or in your original thread did you ever mention that your app would be running on an offline PC and that it would never sync online. How were we supposed to figure out that you had those 1990's style constraints on a modern app running on Windows 10?

Anyway, so I am guessing that the reason why you want to be able to set the time is because the machine is locked down, and so you want a way for the user to update the time when the clock does drift, but without having to enter the admin password required by the UAC dialog.

My suggestion is to break up your app into two parts. Part runs as Windows service which gets installed and runs with system rights, or as user with admin rights. Windows...
Sort by date Sort by votes
Kamen said:
I want to prevent the windows UAC dialog itself.
Click to expand...
Don't run app as administrator/elevated. Don't do anything that requires administrator permissions.
 
Upvote 1 Downvote
I understand now. Nowhere in this thread or in your original thread did you ever mention that your app would be running on an offline PC and that it would never sync online. How were we supposed to figure out that you had those 1990's style constraints on a modern app running on Windows 10?

Anyway, so I am guessing that the reason why you want to be able to set the time is because the machine is locked down, and so you want a way for the user to update the time when the clock does drift, but without having to enter the admin password required by the UAC dialog.

My suggestion is to break up your app into two parts. Part runs as Windows service which gets installed and runs with system rights, or as user with admin rights. Windows services do not show the UAC when they start up. The other part is just a regular Windows app that runs as a normal user. When there is something that you need to do that requires elevated privileges, then send a message to the service for it to do the work.

Kind of strange to have a modern ordering system where all the order data just stays on that single machine. Does the user attach a printer and print out the order, and then someone takes the printout and types the same information back into the fulfillment system? Or do you at least use a USB stick to move the data around?
 
Upvote 1 Downvote
Solution
It's up to you how you send a message to your Windows service: shared memory, named pipe, TCP port, file system, .NET Remoting, etc. The point is to send a signal to your Windows service that you need it to do something on your behalf. This is how the Windows Installer does things where some operations require higher privileges than the user has -- it talks to the windows installer service to do some of the work.

You'll say: "But wait, the Windows Installer pops up the UAC sometimes." Yes, it does, but not because it is trying to run elevated. It pops up the UAC when it determines that .MSI contains operations that require elevated privileges and so the user better be authorized to perform such operations on the machine. It's just like the UAC you see when you try to change some settings in the Control Panel. Control Panel itself may not be running elevated, but if you are trying to make some system level changes, then the UAC is brought up first to determine if you are allowed to make those changes.
 
Upvote 1 Downvote
Hello, Thanks for your time.
By the way, I want to prevent the windows UAC dialog itself.
Is it possible?
Looking forward to hearing from you as soon.
Regards.
 
Upvote 0 Downvote
Why?

As I mentioned above, you don't really need to change the time, and you don't need admin rights to change time zones.

What files do you need to write that need admin rights?
 
Upvote 0 Downvote
My app run with communication through COM port and should work with registry. And also need to write and delete log data file in place where app is installed in C:/program files folder.
In my work experience in this project, such operation requires administrator permission.
So I tried to do it by setting my app.miniforst as requiredAdmin but I perform it with processor reference after.
now my app.miniforst file has been set with asInvoker.
By the way, could you explain how to change system time without admin permission?
And also I want to know how to prevent windows UAC dialog with admin permission.
Thank you.
 
Upvote 0 Downvote
I may not be so, it sounds as pre-Vista thinking. You can read/write HKCU and read HKLM without admin rights. Log data shouldn't be written in application folder, but in a local app data folder.
Kamen said:
prevent windows UAC dialog with admin permission
Click to expand...
Only way I know is using task scheduler, explained in your other thread. The task needs to approved as admin when created. The task can be configured to run on demand, including from a desktop shortcut without UAC prompt.
Kamen said:
could you explain how to change system time without admin permission?
Click to expand...
@Skydiver talked about that too here Question - How do I run c# application as administrator in start up
 
Upvote 0 Downvote
JohnH said:
I may not be so, it sounds as pre-Vista thinking. You can read/write HKCU and read HKLM without admin rights. Log data shouldn't be written in application folder, but in a local app data folder.

Only way I know is using task scheduler, explained in your other thread. The task needs to approved as admin when created.

@Skydiver talked about that too here Question - How do I run c# application as administrator in start up
Click to expand...
But I don't must do any other additional operation in windows OS out of app.
I need to solve all problems in my project programmatically.
Is it possible?
You said me that I can read/write HKCU and read HKLM without admin rights. Log data shouldn't be written in application folder, but in a local app data folder.
Can you explain in more detail?
could you explain how to change system time without admin permission?
I want to hear from you about this qustion.
 
Upvote 0 Downvote
Yes you need admin rights to change the system time. But I'm telling you that you don't need to change the system time. The system time is set by the OS by talking to NTP servers so that the machine is synchronized with highly accurate atomic clocks all over the world. All that needs to be done is to change the local time zone. You don't need admin rights to change the timezone.
 
Upvote 0 Downvote
Upvote 0 Downvote
Just adding some extra information, a possible drawback to task scheduler is if you configure to run as admin and run also when other user is logged in, if the user session itself is not admin the task will not run interactive (you can't see it and interact with it). If the user is the admin the elevated task runs without UAC prompt (and interactive).
Kamen said:
But I don't must do any other additional operation in windows OS out of app.
Click to expand...
UAC is what it is, there's no way around that.
Kamen said:
Can you explain in more detail?
Click to expand...
See the registry class for how to open a key in readonly mode. Use Environment.GetFolderPath to get the LocalApplicationData folder. The forms Application class also has a property to get it.
 
Upvote 0 Downvote

Similar threads

ajbrehm
  • Question
How to publish MAUI app? (Visual Studio ignores publish profiles.)
Replies
3
Views
374
ajbrehm
ajbrehm
Strahan
  • Question
Resolved Visual Studio Installer - how do I change folder perms?
Replies
3
Views
1K
Strahan
Strahan
S
  • Question
How to target a .sln file, when running the dotnet publish command inside of a workflow
Replies
5
Views
542
Simple Samples
S
M
  • Question
Resolved Using Media Player on Windows Form
Replies
14
Views
2K
Skydiver
Skydiver
Elad Yehuda
  • Question
Question Delay in inserting images in UserControl displayed in TabItem
Replies
1
Views
390
Skydiver
Skydiver

Share this page

Latest posts

Back
Top Bottom