16
votes

I need one of my .exe to always run as administrator without UAC prompt. My program will be installed with setup, which will have for one time admin rights, and I need to perform such step in this setup that my exe will be always executed as admin without UAC prompt.

I've found 2 solutions so far:

1. Use custom service, which will elevate the program for me.

2. Use Task Scheduler.

Is there any other solution? Some manifest probably?

Thanks.

2
You could contact MSFT and ask for your app to be put in a special "UAC exclusion list". Not so sure that will work out, they don't put their own programs on that list. Yes, scheduled task, it takes admin privs to add it.Hans Passant

2 Answers

29
votes

If it were possible to do this, then UAC would be completely ineffective. The inability of applications to elevate themselves without user consent is the fundamental principle behind UAC.

Aside from already having an elevated process that launches it (i.e. service or task scheduler), the answer is no, it can't be done.

10
votes

Of course what you are supposed to do if you want to just drive UI is to use the UI access flag in your manifest (see http://msdn.microsoft.com/en-us/library/ms742884.aspx). If you install your application in a trusted location (e.g. system32) and it is signed (bleh!) then when you run your application it will be elevated to high (for an admin account).

The signing requirement makes it slightly annoying but at least it reduces slightly the attack surface as your code gets run with high integrity but not with an administrator token.