Windows UAC Security With Exe
I have an exe created with an old Borland C++ compiler. It needs administrator privileges to function correctly. Since the app will run at startup, I do not want the user prom
-
The answer would be using a scheduled task to run at logon. Scheduled tasks are launched by the task scheduler service which runs with SYSTEM privileges, and therefore it's possible to have them run with elevated privileges without prompting the user on startup. You still have to get the user's confirmation once - when you set up the scheduled task - but not every time the program runs.
Since I don't know how you are installing your program (which installer you are using, if any), I'll describe to you a way which you can probably implement in any environment: Using
schtasks.exeand an XML file. (Note that this won't work with Windows XP and older, but there you don't have to worry about UAC anyway.)You need to create an XML file like this:
<?xml version="1.0" ?> <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>2013-11-01T00:00:00.0000000</Date> <Author>USERDOMAIN\USERNAME</Author> </RegistrationInfo> <Triggers> <LogonTrigger> <Enabled>true</Enabled> <UserId>USERDOMAIN\USERNAME</UserId> </LogonTrigger> </Triggers> <Principals> <Principal id="Author"> <RunLevel>HighestAvailable</RunLevel> <UserId>USERDOMAIN\USERNAME</UserId> <LogonType>InteractiveToken</LogonType> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>false</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>PT0S</ExecutionTimeLimit> <Priority>7</Priority> </Settings> <Actions Context="Author"> <Exec> <Command>c:\path\to\your\app.exe</Command> <Arguments>/your /parameters</Arguments> </Exec> </Actions> </Task>- Replace all
USERDOMAIN\USERNAMEhere with the actual user's domain and name. You can, for example, read those out of the corresponding environment variablesUSERDOMAINandUSERNAME. - Replace
c:\path\to\your\app.exewith your application's path and/your /parameterswith the arguments you want to pass to your app, if any. - The secret magic here lies in
<RunLevel>HighestAvailable</RunLevel>which will make the task scheduler run your app elevated. - The
Datedoesn't really matter, but for completeness you could set it to the current date and time.
After creating the XML file and saving it somewhere (e.g. temporary folder), you have to run this command which will create the actual task:
schtasks.exe /Create /TN "My App" /F /XML "c:\path\to\xmlfile.xml"(replaceMy Appwith the name which should appear in the task scheduler when viewed).You can delete the task again using
schtasks.exe /Delete /TN "My App".(For a pure C++ solution, you could also take this example and add the missing things which would be specifying the username and setting the flag for using the highest available privileges.)
讨论(0) - Replace all
-
I am writing this because although CherryDT's answer is a good approach, longer-run depending on context it may be a little inflexible.
Another option (depending on the context) may be to refactor into two components:
- A system service which runs at startup and does everything that needs admin access
- A client program that communicates with the service and does not need admin access.
This avoids the annoying prompt but it is more work. Based on your description it is not clear this is the right way to go here, but it may be down the road (and for others finding this ticket) so I figure it is worth mentioning separately.
讨论(0)
加载中...
- 热议问题