Yesterday, I discussed a case where UAC was the reason why one of Microsoft's own application, which is supposedly Vista compatible (OSD Feature Pack), failed to run properly. In this post, I am going to explain why this happened and what is its significance to system administrators.
- Author and member of the year 2019 – Why DevOps still doesn't rule the IT world - Wed, Jan 1 2020
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
UAC distinguishes between programs that need a so-called elevated execution level, i.e. which have to run with Administrator rights. The question now is, how can UAC know in advance that an application needs Administrator privileges? The answer to this question is that with legacy applications, there's no way of knowing it in advance, it can only guess. In my case, using the OSD Feature Pack capture wizard, it just guessed wrong.
UAC uses heuristics to detect if a legacy application has to run at the elevated execution level. It automatically elevates files named "setup.exe", for example. In general, Vista is quite good in detecting setup files even if they have different file names. This is not so difficult because most setup files are created by known packagers. However, with administration tools this is not so easy.
Windows administration tools that come with Vista are UAC compatible. This means that they tell UAC in their so-called application manifest what rights they need to run properly. Although, Microsoft says that OSD Feature Pack supports Vista, they somehow forgot to make the OSD capture wizard UAC compatible.
You probably will ask now, what about all your legacy administration tools which are not UAC compatible? As in my example with the Feature Pack, there will often be cases where you simply don't know if an application needs Administrator rights. You can check your applications with the Microsoft Application Compatibility Toolkit (ACT) V5.0. However, these tools are probably too complicated to use just to find out, if one of your favorite apps has to be elevated to run properly.
That's why I start all administration tools with Administrator rights, meanwhile. It can get quite time consuming just checking whenever an app fails to work properly due to its limited rights. You have several options to run these tools with an elevated execution level. I will write about them in my next post.