
Thread: Setup files that can get around UAC

  1. #1

    Thread Starter
    Addicted Member Witis's Avatar
    Join Date
    Jan 2011
    Location
    VB Forums Online Freedom Mode: Operational
    Posts
    213

    Setup files that can get around UAC

    I just downloaded an old edition of burnaware_free.exe, version 2.3.3, from here: http://www.digital-digest.com/softwa..._free.exe.html

    and noticed that when I was logged in as a standard user (not admin) it does not trigger a UAC prompt and allows me to install the application even though I am not running elevated. Typically a setup file in such a circumstance would trigger a UAC prompt with the message: "To continue, type an administrator password and then click Yes."

    By contrast, version 3.0.1 triggers a UAC prompt for standard users attempting to install it: http://www.digital-digest.com/softwa..._free.exe.html

    I looked at all the security settings although I could not work out what was set to turn off UAC for the setup file. Is it common, and what do I look for to determine if a setup file is designed to get around UAC? Could it be a simple manifest issue?
    Last edited by Witis; Oct 23rd, 2012 at 06:28 PM.
    All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.

    The plural of sun is stars you Catholic turkeys.

  2. #2
    PowerPoster Nightwalker83's Avatar
    Join Date
    Dec 2001
    Location
    Adelaide, Australia
    Posts
    13,344

    Re: Setup files that can get around UAC

    Well, I would think it would depend on where you are using the program! For example, if you are using the program at home you should be able to run the program as administrator and not receive the prompt. However, I would think that a business would have rules/restrictions in place to account for this due to the sensitive data they need to handle.
    when you quote a post could you please do it via the "Reply With Quote" button or if it multiple post click the "''+" button then "Reply With Quote" button.
    If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.
    https://get.cryptobrowser.site/30/4111672

  3. #3

    Thread Starter
    Addicted Member Witis's Avatar

    Re: Setup files that can get around UAC

    Quote Originally Posted by Nightwalker83
    Well, I would think it would depend on where you are using the program! For example, if you are using the program at home you should be able to run the program as administrator and not receive the prompt. However, I would think that a business would have rules/restrictions in place to account for this due to the sensitive data they need to handle.
    You are right, Nightwalker83, there are 2 issues going on: UAC and Admin/Standard User protection. I seem to remember that on XP, where there is no UAC, a standard user needs admin permission to install any application, although there are some exceptions such as Firefox that seemed to be able to get around the inbuilt Admin/Standard User security, which creates a headache for network managers. I am still not sure how Mozilla got around the inbuilt security.

  4. #4
    Member
    Join Date
    Dec 2011
    Location
    Stockholm, Sweden
    Posts
    45

    Re: Setup files that can get around UAC

    All exe files with "Setup", "Install" or "update" in the name will automatically trigger the UAC elevation regardless of manifest content. If you want any old installer to trigger it, just rename it to Setup.exe.
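
An added example, not part of the thread or any poster's code: a triage script for the original question of what to look for in a setup file. It reads the `requestedExecutionLevel` from the embedded manifest and applies the filename keywords from the post above, following Microsoft's documented rule that installer detection applies only to 32-bit executables with no `requestedExecutionLevel`. Assumptions: the manifest is stored as plain XML in an unpacked executable, only the filename heuristic is modelled, and the verdict labels and `sample_pe` stub are made up for illustration.

```python
import re
import struct

# Filename keywords named in the post above (one installer-detection heuristic).
INSTALLER_KEYWORDS = ("setup", "install", "update")
LEVEL_RE = re.compile(
    rb"requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"'](\w+)[\"']", re.I)

def requested_level(pe_bytes):
    """Return the embedded manifest's requestedExecutionLevel value, or None."""
    m = LEVEL_RE.search(pe_bytes)
    return m.group(1).decode("ascii") if m else None

def is_32bit_pe(pe_bytes):
    """True when the COFF Machine field says i386 (0x014C)."""
    if len(pe_bytes) < 0x40 or pe_bytes[:2] != b"MZ":
        raise ValueError("not a PE file")
    (pe_off,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", pe_bytes, pe_off + 4)
    return machine == 0x014C

def triage(filename, pe_bytes):
    """Predict what a standard user sees when launching this file."""
    level = requested_level(pe_bytes)
    if level is not None:
        # An explicit manifest level decides the outcome; heuristics are skipped.
        return "elevates" if level.lower() == "requireadministrator" else "no-prompt"
    name = filename.lower()
    if is_32bit_pe(pe_bytes) and any(k in name for k in INSTALLER_KEYWORDS):
        return "heuristic-prompt"
    return "no-prompt"

def sample_pe(machine, manifest=b""):
    """Constructed stub: just enough PE header for the checks above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + manifest

AS_INVOKER = b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'

if __name__ == "__main__":
    for name, data in [("tool_free.exe", sample_pe(0x014C)),
                       ("setup.exe", sample_pe(0x014C)),
                       ("setup.exe", sample_pe(0x014C, AS_INVOKER))]:
        print(name, requested_level(data), triage(name, data))
```

A "no-prompt" verdict only means the file starts with the caller's token; whether the install then succeeds depends on where it writes.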

  5. #5

    Thread Starter
    Addicted Member Witis's Avatar

    Re: Setup files that can get around UAC

    Quote Originally Posted by TomasEss
    All exe files with "Setup", "Install" or "update" in the name will automatically trigger the UAC elevation regardless of manifest content. If you want any old installer to trigger it, just rename it to Setup.exe.
    True, thanks for the reply.

    I just had a look at Inno Setup and the help file indicates that it is possible to create a setup that installs even if the user does not have admin rights, so it seems there is no internal Windows security to stop regular users from installing applications; it is entirely dependent on the setup creator, which is probably how Firefox got around the need to have admin rights to install. It is just bad form and really annoying for system admins when a setup allows users to do their own installs.

  6. #6
    PowerPoster Nightwalker83's Avatar

    Re: Setup files that can get around UAC

    There is code to do the same thing with the UAC as version 2.3.3 here on the forums! I would imagine that the company thought that bypassing the UAC could be a security risk and that is why version 3.0.1 requires the UAC in order for a standard user to install the software.

  7. #7
    Member

    Re: Setup files that can get around UAC

    There is no problem creating an installer that does not require admin rights. It will also work with UAC turned on. Simply avoid the locations that are a no-no, like Program Files, Windows and System folders, the HKLM hive in the registry, etc. If just installing to user-specific locations you can work around both admin rights and UAC. BUT of course only the current user will be able to run the app and you won't have any machine-wide settings. That's how Chrome does it as far as I have understood, and that is an annoyance...
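
An added example, not part of the thread or any poster's code: a check an admin or packager can run over an installer's list of write targets to see which ones fall in the machine-wide locations the post names and therefore need elevation. Assumptions: default `C:\` locations, and the function names and install plans are constructed for illustration.

```python
import ntpath

# Machine-wide locations named in the post; default Windows paths are assumed.
PROTECTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")
MACHINE_HIVES = ("hklm", "hkey_local_machine")
USER_HIVES = ("hkcu", "hkey_current_user")

def scope(target):
    """Classify one write target as 'machine', 'per-user' or 'unknown'."""
    head = target.split("\\", 1)[0].rstrip(":").lower()
    if head in MACHINE_HIVES:
        return "machine"
    if head in USER_HIVES:
        return "per-user"
    # Normalise case, slashes and ".." so traversal cannot hide the real target.
    path = ntpath.normcase(ntpath.normpath(target))
    if any(path == d or path.startswith(d + "\\") for d in PROTECTED_DIRS):
        return "machine"
    parts = path.split("\\")
    if parts[:2] == ["c:", "users"] and len(parts) > 3 and parts[2] != "public":
        return "per-user"
    return "unknown"

def elevation_blockers(targets):
    """Return the targets a standard user cannot write without elevation."""
    return [t for t in targets if scope(t) == "machine"]

# Constructed install plans, not taken from any real installer.
PER_USER_PLAN = [
    r"C:\Users\alice\AppData\Local\ExampleApp\app.exe",
    r"HKCU\Software\ExampleApp",
]
MIXED_PLAN = PER_USER_PLAN + [
    r"HKLM\Software\ExampleApp",
    "C:/Program Files (x86)/ExampleApp/app.exe",
    r"C:\Users\alice\..\..\Windows\System32\example.dll",
]

if __name__ == "__main__":
    for plan in (PER_USER_PLAN, MIXED_PLAN):
        blockers = elevation_blockers(plan)
        print("needs admin" if blockers else "per-user only", blockers)
```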

  8. #8

    Thread Starter
    Addicted Member Witis's Avatar

    Re: Setup files that can get around UAC

    Quote Originally Posted by Nightwalker83
    There is code to do the same thing with the UAC as version 2.3.3 here on the forums! I would imagine that the company thought that bypassing the UAC could be a security risk and that is why version 3.0.1 requires the UAC in order for a standard user to install the software.
    With you on that, Nightwalker.

  9. #9

    Thread Starter
    Addicted Member Witis's Avatar

    Re: Setup files that can get around UAC

    Quote Originally Posted by TomasEss
    There is no problem creating an installer that does not require admin rights. It will also work with UAC turned on. Simply avoid the locations that are a no-no, like Program Files, Windows and System folders, the HKLM hive in the registry, etc. If just installing to user-specific locations you can work around both admin rights and UAC. BUT of course only the current user will be able to run the app and you won't have any machine-wide settings. That's how Chrome does it as far as I have understood, and that is an annoyance...
    Thanks for your good insights, TomasEss, that explains what is actually happening in the case of Firefox and Google.
