Ignore UAC for specific programs

Is it even possible?

First of all, I really like UAC and I think it is big step forward. I got it enabled on my developer PC...

But there are few programs that I run pretty often and UAC can be quite problematic - for example Regedit or MMC. I always run at least 2 programs with highest priorities (Total Commander and CMD session), usually under different account (with higher priorities).

Problem with UAC is that there is no exclusion list... So yesterday I decided it is time to find some workaround.

Result is first version of Elevator - program that will add new Elevate me entry to context menu.

Using this you can bypass UAC without disabling it.

To show you example, MMC always require admin privileges and you must also click that you want to run that program (sorry for no video - got some problems with my web cam).

See what happens when we use Elevator.

 

How does it work?

Few days ago I tried to run some scheduled task that required admin privileges. After some investigation I found out that you can specify that scheduled task can run using highest privileges:

These scheduled tasks don't prompt you with UAC. First idea that came to my mind was - OK, so if scheduled task runs on demand, then it should in fact disable UAC for specific program? I tried it and it worked... So for some time I was using on demand scheduled tasks - for example instead of running MMC I run Schtasks /Run /TN "Elevated\MMC".

This was working fine - problem was that you needed to prepare your tasks. So I started to think about some general parser - something universal, easy to implement and use etc.

So I came with idea of two executables - first will prepare "configuration" (what to run etc.) and second will parse this configuration (but from scheduled task).

I tried this concept - Elevate me context menu points to ElevateRunner, ElevateRunner creates configuration in ElevateThis and then runs scheduled task called Elevator that will parse through this folder and run anything in it. Quite advantage is that neither ElevateRunner nor Elevater needs to run - they are not residents programs and they dont monitor something, so they are pretty quick and perform well (whole installation is about 36k).

Concept is definitely not the best, but it works at least for me and compared to ACT solutions it works for every program. This is definitely not solution for normal end users.

If you will decide that you give it a try, let me know if it works for you... I always love to get some feedback (maybe I will change my utilities to feedbackware ;)).

 

Installation

UPDATE: David Phillippo pointed out there was error during installation (hardcoded path was not only in template, but also in reg files). When I tried to fix this, I accidentaly rewrote whole installation script - so there is no need to modify now anything. Just unpack, run install and new context menu should appear. Please dont forget however that you must run Install.cmd in elevated mode!

  1. Download and unpack SkipUAC.zip to any location.
  2. Run Install.cmd - YOU MUST RUN IT ELEVATED! This is final step. Now you should have Elevate me in context menu for all executables and it should work fine.

 

Uninstallation

Uninstallation is pretty easy - simply run Uninstall.cmd script and then you can delete whole folder.

 

Download

Be aware that this is pre-alpha version, only proof of concept that it can be done. Because I try to share as much as possible, I will also provide you with elevator:

 

UPDATE: New version uploaded - it now works for all files, not only exes. If you want to specify some shortcut to always run elevated, check following blog post.

Published Friday, May 16, 2008 9:17 AM by martin

Comments

# Ignore UAC for specific programs

Great idea by MVP'er Marin Zugec... msmvps.com/.../ignore

Friday, May 16, 2008 9:47 AM by Rod Trent at myITforum.com

# B On The Move - Tech News - Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

Pingback from  B On The Move - Tech News -   Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

Friday, May 16, 2008 2:15 PM by B On The Move - Tech News - Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

# Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] » Lifehacker, tips and downloads for getting things done

Pingback from  Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] » Lifehacker, tips and downloads for getting things done

Friday, May 16, 2008 2:33 PM by Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] » Lifehacker, tips and downloads for getting things done

# Life Clerks » Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

Pingback from  Life Clerks » Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

Friday, May 16, 2008 2:43 PM by Life Clerks » Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download]

# Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] · TechBlogger

Pingback from  Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] · TechBlogger

Friday, May 16, 2008 2:56 PM by Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] · TechBlogger

# Elevator (Windows Vista Permissions) | Everyday Nerd

Pingback from  Elevator (Windows Vista Permissions) | Everyday Nerd

Friday, May 16, 2008 3:26 PM by Elevator (Windows Vista Permissions) | Everyday Nerd

# Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] | Another Way To Be Rich

Pingback from  Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] | Another Way To Be Rich

Saturday, May 17, 2008 8:28 AM by Elevator Quickly Disables UAC for Specific Programs [Featured Windows Download] | Another Way To Be Rich

# re: Ignore UAC for specific programs

Installed and hacked about with it for a bit- works fine now.

The installer didn't seem to create the registry entries, however it did manage to create the task with all the right settings. To add them I just merged them manually- click on the ".reg" files in "/install".

Also, I think you forgot to mention to change the registry paths in "Install/CreateContextMenu.reg". They still point to your path of "C:\\Data\\SkipUAC\\ElevatorRunner.exe". Once I changed them it worked fine.

Great POC though. Maybe it will make it to an alpha or beta at some stage? *shameful hint*

Saturday, May 17, 2008 8:58 AM by David Phillippo

# re: Ignore UAC for specific programs

Hi David,

thanks for info, I will try to fix it next week... Of course it was my mistake, .reg is using hardcoded path :(

Before moving this POC I want more people to test it and report any bugs - did everything work for you (after you corrected my mistake ;))?

Martin

Saturday, May 17, 2008 2:34 PM by martin

# Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

Pingback from  Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

Saturday, May 17, 2008 6:56 PM by Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

# Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

Pingback from  Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

Saturday, May 17, 2008 6:56 PM by Deshabilitar las advertencias del UAC para algunas aplicaciones con Elevator | Win-Vista.es

# re: Ignore UAC for specific programs

@David: it is fixed now... content of .reg and also template.xml is now based on current folder, so there is (or shouldnt) be any need to do anything except running Install.cmd...

Well, maybe this means that it is no longer POC, but alfa version ;) Which features\changes would you like to see??

Sunday, May 18, 2008 10:57 AM by martin

# re: Ignore UAC for specific programs

That's a cool idea!  I wrote a frontend for <a href="www.joeware.net/.../a>  that does pretty much the same thing for XP.  My major concern with CPAU is that it doesn't encrypt the information very well, and, as it sits, is a command line tool only.  Could you write a version of Elevator for XP that works like CPAU, only better?

Sunday, May 18, 2008 12:37 PM by DeadlyDad

# re: Ignore UAC for specific programs

Heya,

well, what exactly would you like to see? ;) If you could prepare some list of features, then I will try to write it ;)

Martin

Sunday, May 18, 2008 3:40 PM by martin

# re: Ignore UAC for specific programs

It doesn't work for me.  I install it (running as administrator), and I get the "Elevate me" context menu.  But the program I want to run still prompts me for a User Account Control login every time.

Sunday, May 18, 2008 5:21 PM by CNB

# re: Ignore UAC for specific programs

Hi CNB,

that is strange, should work fine... What is the name of program?? Can you run anything (proven example is mmc.exe or cmd.exe)?

Martin

Monday, May 19, 2008 2:36 AM by martin

# Desactiva las alertas del UAC para programas espec??ficos con Elevator

Pingback from  Desactiva las alertas del UAC para programas espec??ficos con Elevator

Monday, May 19, 2008 9:06 AM by Desactiva las alertas del UAC para programas espec??ficos con Elevator

# Tecnologia &raquo; Blog Archiv &raquo; Desactiva las alertas del UAC para programas espec??ficos con Elevator

Pingback from  Tecnologia  &raquo; Blog Archiv   &raquo; Desactiva las alertas del UAC para programas espec??ficos con Elevator

Monday, May 19, 2008 9:15 AM by Tecnologia » Blog Archiv » Desactiva las alertas del UAC para programas espec??ficos con Elevator

# Ignore UAC for specific programs - Scripting, Vista &#038; Deployment

Pingback from  Ignore UAC for specific programs - Scripting, Vista &#038; Deployment

Monday, May 19, 2008 11:17 AM by Ignore UAC for specific programs - Scripting, Vista & Deployment

# Desactiva las alertas del UAC para programas espec??ficos con Elevator &laquo; Lestat-Blog De Seguridad Informatica

Pingback from  Desactiva las alertas del UAC para programas espec??ficos con Elevator &laquo; Lestat-Blog De Seguridad Informatica

Monday, May 19, 2008 4:27 PM by Desactiva las alertas del UAC para programas espec??ficos con Elevator « Lestat-Blog De Seguridad Informatica

# Pr??ctica soluci??n para paliar los efectos del UAC &laquo; e-rgonomy.com Official Blog

Pingback from  Pr??ctica soluci??n para paliar los efectos del UAC &laquo; e-rgonomy.com Official Blog

Wednesday, May 21, 2008 11:04 AM by Pr??ctica soluci??n para paliar los efectos del UAC « e-rgonomy.com Official Blog

# Elevator - allows you to disable Vista UAC &laquo; Digital Info

Pingback from  Elevator - allows you to disable Vista UAC &laquo; Digital Info

Thursday, May 22, 2008 8:57 AM by Elevator - allows you to disable Vista UAC « Digital Info

# re: Ignore UAC for specific programs

Hi there

I think this app is a great idea. BUT:

It doesn't work for me. I tried it with mmc.exe and i get this error (when clicking Elevate me or dragging the shortcut on ElevatorRunner.exe):

---------------------------

ElevatorRunner

---------------------------

Errors encounetered:

Der Zugriff auf den Pfad C:\Program Files\Elevator\ElevateThis\1009519115.execute wurde verweigert.

---------------------------

OK  

---------------------------

Translation of the 3rd line:

Access to path C:\(...)ElevateThis\1009519115.execute has been denied.

(I am using a German Vista, could that cause the problem?)

Greetings

TheSwissGuy

Friday, May 23, 2008 12:16 PM by TheSwissGuy

# re: Ignore UAC for specific programs

Hi Swiss Guy ;)

Should work... I will try to investigate little more, can you meanwhile try to copy it outside Program Files (anywhere else)?

Does it work or it gives you same error?

Friday, May 23, 2008 12:35 PM by martin

# Disable UAC for a Program in Vista

Pingback from  Disable UAC for a Program in Vista

Friday, May 23, 2008 2:24 PM by Disable UAC for a Program in Vista

# re: Ignore UAC for specific programs

Good tip, it works outside the program files folder :) (But why doesn't it work inside? - I think you should add this as a hint to the installation instructions.)

I tried it and it really is a good app…

And I already have a request :D

Would it be possible to add something like "Always Elevate" to the context menu? - Which would simply create a copy of the Shortcut and add the path of ElevatorRunner.exe into this copy…

Keep up the good work :D

TheSwissGuy

Saturday, May 24, 2008 9:11 AM by TheSwissGuy

# re: Ignore UAC for specific programs

Hi

looks like my first reply wasn't submitted, so I try it again…

Just wanted to say that it works great outside the program files folder (why doesn't it inside?). Maybe you should add a note about that to the installation instructions…

And I already have a request :)

Would it be possible to add a "Always Elevate" to the context menu, which would create a copy of the shortcut and add the path of ElevatorRunner.exe into it?

swissguy

Saturday, May 24, 2008 3:19 PM by TheSwissGuy

# Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

Pingback from  Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

Saturday, May 24, 2008 8:53 PM by Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

# Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

Pingback from  Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

Saturday, May 24, 2008 8:53 PM by Tip : Quickly Disable UAC For Specific Specific Programs | dailyApps

# re: Ignore UAC for specific programs

Actually it is possible to disable UAC permanently for specific applications. Just take a look here: jens-schaller.de/.../119.htm.

But I must admit, that it requires a bit of work ;)

Saturday, May 24, 2008 11:27 PM by Jens Schaller

# Savait??s siuntiniai 2008-S21 : ne??inau.lt

Pingback from  Savait??s siuntiniai 2008-S21 : ne??inau.lt

Sunday, May 25, 2008 3:55 AM by Savait??s siuntiniai 2008-S21 : ne??inau.lt

# re: Ignore UAC for specific programs

@martin

The application worked fine for me once I had altered the hardcoded paths. The only thing that did not work was when I tried to launch a program that required some config files in a relative folder (namely Joost).

I will try installing the new improved version now and see how it goes.

As for any improvements, it would be useful to whitelist certain programs so they are always elevated- something that again Vista's UAC is lacking. I suppose this could be achieved in part by creating a shortcut to elevator.exe with the required parameters for the program you want to launch.

Thanks, and keep up the good work!

David

Sunday, May 25, 2008 9:39 AM by David Phillippo

# re: Ignore UAC for specific programs

@SwissGuy: reason is pretty simple (and I was stupid that I didnt think about it). For every application you want to elevate, you must create configuration file (so ElevatorRunner is creating configuration for Elevator). This configuration is created in same folder as application - and you cant write to Program Files of course ;)

So for next version, I will change this path to user profile definitely ;) Sorry for this (very stupid) bug in my brain ;)

Regarding "Always elevate", I could add shortcuts creator (right now I am working on offline shortcuts editor utility, so that fits nicely), but I also want to find some time to create beta of HookApp from current POC (HookApp allows you to specify rules for processes - for example lock them by password, redirect them (whenever iexplore.exe is launched, launch Firefox instead) or modify them (one example is auto elevation)...

My girlfriend is leaving for 3 months (19th of June), so I will have plenty of time to finish this :'(

@Jens: Yep, that what lead me to creation of Elevator :D I tried that for few programs and it was working only for 1 out of 5 :( Even that MSDN article was removed :( What I want to try later is to create IgnoreUAC shim layer instead of shim itself - that could make that method much reliable (using shim only affects current process, using shim layer (aka compatibility mode) also all children processes.

@David: Joost is working ;) Problem is that configuration is called using ..Application.ini (or something similar). I got it as open bug - Elevator is changing working copy and that is why it doesnt work. If you change argument to FQDN, it works correctly (got it working here). As you mentioned, using cmd for ElevatorRunner would also work correctly (see msmvps.com/.../elevator-command-line.aspx)

Martin

Sunday, May 25, 2008 12:39 PM by martin

# ???????? ???????????? ???????? &raquo; ITbananas

Pingback from  ???????? ???????????? ???????? &raquo; ITbananas

Monday, May 26, 2008 6:06 PM by ???????? ???????????? ???????? » ITbananas

# re: Ignore UAC for specific programs

The install.cmd still doesn't work - and I am running as administor:

C:\Program Files\Elevator>install

The system cannot find the path specified.

The system cannot find the path specified.

The system cannot find the path specified.

ERROR: The task XML contains an unexpected node.

(1,9):Command:

C:\Program Files\Elevator>

Tuesday, May 27, 2008 1:47 PM by akidd

# re: Ignore UAC for specific programs

@Akidd: Hi, that is very strange... It looks like you are missing Src folder, can you please check it (C:\Program Files\Elevator\Src)?

Don't forget that Install.cmd must be elevated in order to run correctly...

There should be 4 files:

BeginTemplate.xml

CreateContextMenu.reg

DeleteContextMenu.reg

EndTemplate.xml

If everything is ok, can you please open Install.cmd, change @Echo off to @Echo on and re-run it?

Martin

Tuesday, May 27, 2008 1:52 PM by martin

# re: Ignore UAC for specific programs

OK my bad.  I didn't extract the SRC folder as I assumed it was the program source.  Now all works as expected.  Again thanks for this work.

Tuesday, May 27, 2008 6:36 PM by Akidd

# Ignore UAC for specific programs - Martin Zugec blog

Pingback from  Ignore UAC for specific programs - Martin Zugec blog

Friday, May 30, 2008 2:24 AM by Ignore UAC for specific programs - Martin Zugec blog

# Bypass or Disable UAC for Selected Excluded Programs Only with Elevator (SkipUAC) &raquo; Tip and Trick

Pingback from  Bypass or Disable UAC for Selected Excluded Programs Only with Elevator (SkipUAC)  &raquo;  Tip and Trick

Friday, May 30, 2008 11:58 AM by Bypass or Disable UAC for Selected Excluded Programs Only with Elevator (SkipUAC) » Tip and Trick

# re: Ignore UAC for specific programs

Hi,

I tried using elevator and the first time I tought: EUREKA, I found something that actually does what I want.  But then somehow it stopped working although I was still using it to open the same program.  

When I click 'elevate me', it doesn't seem to react or something.  It also doesn't appear in task scheduler, nor does it when I first elevate it and then run elevatorrunner.exe.  When I run elevator.exe it starts opening all the things I wanted elevated, but it gives me the UAC for it.

The program is located at: c:\software\map\program.exe

Do you have any help perhaps?

Monday, June 16, 2008 12:34 PM by Pieter

# re: Ignore UAC for specific programs

Hi Pieter,

are you using latest version? If yes, just run Uninstall.cmd and then Install.cmd (just be sure that you are runnning Install.cmd elevated, otherwise Elevator won't work!).

If that won't help, try running (from cmd) command schtasks /query /tn Elevator and paste output here (Couldn't not run is normal, because it is manual job).

Martin

Monday, June 16, 2008 1:09 PM by martin

# re: Ignore UAC for specific programs

Downloaded the program just this afternoon, so I'm guessing i'm using the latest version.

When I use that command, when I'm logged in as administrator for cmd, it says:

Execute next time: not appropriate or something, trying to translate, just not needed

state: ready

When I use it as a regular user it says: you don't have the needed rights.

That's probably the problem.

Monday, June 16, 2008 3:48 PM by Pieter

# re: Ignore UAC for specific programs

Ah, now I probably see problem :) You are running under different account. What you need to do in that case (didn't test it though) is that you go to scheduled tasks and add your account permissions to run that scheduled task, that should do the trick

Friday, June 20, 2008 2:38 AM by martin

# Migliorare il rendimento di Windows Vista. &laquo; Nikothewall&#8217;s blog ;)

Pingback from  Migliorare il rendimento di Windows Vista. &laquo; Nikothewall&#8217;s blog ;)

Wednesday, June 25, 2008 10:29 AM by Migliorare il rendimento di Windows Vista. « Nikothewall’s blog ;)

# re: Ignore UAC for specific programs

This is worse than turning off UAC all together. if any other program uses ElevatorRunner, it can bypass UAC, but you will still think, incorrectly, that you have some level of security added by UAC.

In addition to creating a huge security hole, it doesn't add functionality. You can use task scheduler to create a task that runs a specific program with highest privelages, then create a shortcut to run it. With this method you are limiting the Highest privelages to that specific program; with your program any program that wants to can have highest privelages.

Overall i would say that this is a program that shouldn't be installed by anyone.

Thursday, June 26, 2008 8:39 PM by Michael

# re: Ignore UAC for specific programs

Hi Michael,

on one hand I totally agree with you. There are few posts\projects I wrote for this blog, but never published them because I think they are too dangerous.

On the other hand, I am really disappointed by fact that there is really no easy way how to work with UAC if you

a.) like to use desktop as kind of dashboard (one window maximized, rest in tray, if you don't need something, close it immediately and open it when needed)

b.) are administrator\consultant and need to run tools like MMC all the time

c.) prefer keyboard to mouse

Initial idea behind elevator was only to make it easier to create scheduled tasks automatically, however then I thought about adding it to all programs. Don't forget that this is not fully fledged application, but proof of concept.

If I would try to write full application, it would rather allow programs based on hashes or similar rules.

I am gathering feedback on it right now, most people find it very interesting and user friendly. As I said it is only POC and is not used broadly, and without huge user base there is almost no risk of viruses spreading using this technique. If I will see that more people are using it, I would create much more secure version and remove this.

As I said before, I totally agree with you - difference is that for me this approach is only POC, you see it as application for end users.

Martin

Saturday, June 28, 2008 7:57 AM by martin

# SysAdmin- ?????????? &raquo; ITbananas

Pingback from  SysAdmin- ?????????? » ITbananas

Sunday, July 13, 2008 6:02 PM by SysAdmin- ?????????? » ITbananas

# Create UAC White List | I'm Just Being Manan

Pingback from  Create UAC White List | I'm Just Being Manan

Saturday, November 08, 2008 3:58 PM by Create UAC White List | I'm Just Being Manan

Leave a Comment

(required) 
(required) 
(optional)
(required)