Yesterday, I discussed a case where UAC was the reason why one of Microsoft's own application, which is supposedly Vista compatible (OSD Feature Pack), failed to run properly. In this post, I am going to explain why this happened and what is its significance to system administrators.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
UAC distinguishes between programs that need a so-called elevated execution level, i.e. which have to run with Administrator rights. The question now is, how can UAC know in advance that an application needs Administrator privileges? The answer to this question is that with legacy applications, there's no way of knowing it in advance, it can only guess. In my case, using the OSD Feature Pack capture wizard, it just guessed wrong.
UAC uses heuristics to detect if a legacy application has to run at the elevated execution level. It automatically elevates files named "setup.exe", for example. In general, Vista is quite good in detecting setup files even if they have different file names. This is not so difficult because most setup files are created by known packagers. However, with administration tools this is not so easy.
Windows administration tools that come with Vista are UAC compatible. This means that they tell UAC in their so-called application manifest what rights they need to run properly. Although, Microsoft says that OSD Feature Pack supports Vista, they somehow forgot to make the OSD capture wizard UAC compatible.
You probably will ask now, what about all your legacy administration tools which are not UAC compatible? As in my example with the Feature Pack, there will often be cases where you simply don't know if an application needs Administrator rights. You can check your applications with the Microsoft Application Compatibility Toolkit (ACT) V5.0. However, these tools are probably too complicated to use just to find out, if one of your favorite apps has to be elevated to run properly.
Subscribe to 4sysops newsletter!
That's why I start all administration tools with Administrator rights, meanwhile. It can get quite time consuming just checking whenever an app fails to work properly due to its limited rights. You have several options to run these tools with an elevated execution level. I will write about them in my next post.