Vista User Account Control (UAC) traps part 2: elevated applications

Yesterday, I discussed a case where UAC was the reason why one of Microsoft's own application, which is supposedly Vista compatible (OSD Feature Pack), failed to run properly. In this post, I am going to explain why this happened and what is its significance to system administrators.

UAC distinguishes between programs that need a so-called elevated execution level, i.e. which have to run with Administrator rights. The question now is, how can UAC know in advance that an application needs Administrator privileges? The answer to this question is that with legacy applications, there's no way of knowing it in advance, it can only guess. In my case, using the OSD Feature Pack capture wizard, it just guessed wrong.

UAC uses heuristics to detect if a legacy application has to run at the elevated execution level. It automatically elevates files named "setup.exe", for example. In general, Vista is quite good in detecting setup files even if they have different file names. This is not so difficult because most setup files are created by known packagers. However, with administration tools this is not so easy.

Windows administration tools that come with Vista are UAC compatible. This means that they tell UAC in their so-called application manifest what rights they need to run properly. Although, Microsoft says that OSD Feature Pack supports Vista, they somehow forgot to make the OSD capture wizard UAC compatible.

You probably will ask now, what about all your legacy administration tools which are not UAC compatible? As in my example with the Feature Pack, there will often be cases where you simply don't know if an application needs Administrator rights. You can check your applications with the Microsoft Application Compatibility Toolkit (ACT) V5.0. However, these tools are probably too complicated to use just to find out, if one of your favorite apps has to be elevated to run properly.

That's why I start all administration tools with Administrator rights, meanwhile. It can get quite time consuming just checking whenever an app fails to work properly due to its limited rights. You have several options to run these tools with an elevated execution level. I will write about them in my next post.

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads and for free by becoming a member!

0
Share
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account