Windows UAC Security With Exe

Question

I have an exe created with an old Borland C++ compiler. It needs administrator privileges to function correctly. Since the app will run at startup, I do not want the user prom

Answer 1

The answer would be using a scheduled task to run at logon. Scheduled tasks are launched by the task scheduler service which runs with SYSTEM privileges, and therefore it's possible to have them run with elevated privileges without prompting the user on startup. You still have to get the user's confirmation once - when you set up the scheduled task - but not every time the program runs.

Since I don't know how you are installing your program (which installer you are using, if any), I'll describe to you a way which you can probably implement in any environment: Using schtasks.exe and an XML file. (Note that this won't work with Windows XP and older, but there you don't have to worry about UAC anyway.)

You need to create an XML file like this:

    
        2013-11-01T00:00:00.0000000
        USERDOMAIN\USERNAME
    
    
        
            true
            USERDOMAIN\USERNAME
        
    
    
        
            HighestAvailable
            USERDOMAIN\USERNAME
            InteractiveToken
        
    
    
        IgnoreNew
        false
        false
        false
        false
        false
        
            false
            false
        
        true
        true
        false
        false
        false
        PT0S
        7
    
    
        
            c:\path\to\your\app.exe
            /your /parameters
        
    

• Replace all USERDOMAIN\USERNAME here with the actual user's domain and name. You can, for example, read those out of the corresponding environment variables USERDOMAIN and USERNAME.
• Replace c:\path\to\your\app.exe with your application's path and /your /parameters with the arguments you want to pass to your app, if any.
• The secret magic here lies in HighestAvailable which will make the task scheduler run your app elevated.
• The Date doesn't really matter, but for completeness you could set it to the current date and time.

After creating the XML file and saving it somewhere (e.g. temporary folder), you have to run this command which will create the actual task: schtasks.exe /Create /TN "My App" /F /XML "c:\path\to\xmlfile.xml" (replace My App with the name which should appear in the task scheduler when viewed).

You can delete the task again using schtasks.exe /Delete /TN "My App".

(For a pure C++ solution, you could also take this example and add the missing things which would be specifying the username and setting the flag for using the highest available privileges.)