-
Oct 23rd, 2012, 08:17 AM
#1
Thread Starter
Addicted Member
Setup files that can get around UAC
I just downloaded an old edition of burnaware_free.exe, version 2.3.3, from here: http://www.digital-digest.com/softwa..._free.exe.html
and noticed that when I was logged in as a standard user (not admin) it does not trigger a UAC prompt and allows me to install the application even though I am not running elevated. Typically a setup file in such a circumstance would trigger a UAC prompt with the message: "To continue, type and administrator password and then click Yes."
By contrast version 3.0.1 triggers a UAC prompt for standard users attempting to install it : http://www.digital-digest.com/softwa..._free.exe.html
I looked at all the security settings although I could not work out what was set to turn off UAC for the setup file. Is it common, and what do I look for to determine if a setup file is designed to get around UAC? Could it be a simple manifest issue?
Last edited by Witis; Oct 23rd, 2012 at 06:28 PM.
All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.
The plural of sun is stars you Catholic turkeys.
-
Oct 23rd, 2012, 11:52 PM
#2
Re: Setup files that can get around UAC
Well, I would think it would depend on where you are using the program! Foe example if you are using the program at home you should be able to run the program as administrator and not receive the prompt. However, I would think that a business would have rules/restriction in place to account for this due to the sensitive data they need to handle.
when you quote a post could you please do it via the "Reply With Quote" button or if it multiple post click the "''+" button then "Reply With Quote" button.
If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.
https://get.cryptobrowser.site/30/4111672
-
Oct 24th, 2012, 04:35 AM
#3
Thread Starter
Addicted Member
Re: Setup files that can get around UAC
Originally Posted by Nightwalker83
Well, I would think it would depend on where you are using the program! Foe example if you are using the program at home you should be able to run the program as administrator and not receive the prompt. However, I would think that a business would have rules/restriction in place to account for this due to the sensitive data they need to handle.
You are right Nightwalker83 there are 2 issues going on: UAC and Admin/Standard User protection. I seem to remember that on XP, where there is no UAC, a standard user needs admin permission to install any application although there are some exceptions such as Firefox that seemed to be able to get around the inbuilt Admin/Standard User security which creates a headache for network managers. I am still not sure how Mozilla got around the inbuilt security.
All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.
The plural of sun is stars you Catholic turkeys.
-
Oct 24th, 2012, 05:28 AM
#4
Member
Re: Setup files that can get around UAC
All exe files with "Setup", "Install" or "update" in the name will automatically trigger the UAC elevation regardless of manifest content. If you want any old installer to trigger it, just rename it to Setup.exe.
-
Oct 29th, 2012, 07:56 PM
#5
Thread Starter
Addicted Member
Re: Setup files that can get around UAC
Originally Posted by TomasEss
All exe files with "Setup", "Install" or "update" in the name will automatically trigger the UAC elevation regardless of manifest content. If you want any old installer to trigger it, just rename it to Setup.exe.
True, thanks for the reply.
I just had a look at Inno setup and the help file indicates that it is possible to create a setup that installs even if the user does not have admin rights, so it seems there is no internal windows security to stop regular users from installing applications it is entirely dependent on the setup creator, which is probably how Firefox got around the need to have admin rights to install. It is just bad form and really annoying for system admins when a setup allows users to do their own installs.
All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.
The plural of sun is stars you Catholic turkeys.
-
Oct 29th, 2012, 08:14 PM
#6
Re: Setup files that can get around UAC
There is code to do the same thing with the UAC as version 2.3.3 here on the forums! I would imagine that the company thought that bypassing the UAC could be a security risk and that is why version 3.0.1 requires the UAC in-order for a standard user to install the software.
when you quote a post could you please do it via the "Reply With Quote" button or if it multiple post click the "''+" button then "Reply With Quote" button.
If this thread is finished with please mark it "Resolved" by selecting "Mark thread resolved" from the "Thread tools" drop-down menu.
https://get.cryptobrowser.site/30/4111672
-
Oct 30th, 2012, 02:41 AM
#7
Member
Re: Setup files that can get around UAC
There is no problem to create an installer that does not require admin rights. It will also work with UAC turned on. Simply avoid the locations that is no no like Program files, Windows and System folders, HKLM hive in registry etc. If just installing to user specific locations you can work around both admin rights and UAC. BUT off course only the current user will be able to run the app and you won't have any machine wide settings. That's how Chrome does it as far as I have understood, and that is an annoyance...
-
Nov 1st, 2012, 06:55 AM
#8
Thread Starter
Addicted Member
Re: Setup files that can get around UAC
Originally Posted by Nightwalker83
There is code to do the same thing with the UAC as version 2.3.3 here on the forums! I would imagine that the company thought that bypassing the UAC could be a security risk and that is why version 3.0.1 requires the UAC in-order for a standard user to install the software.
With you on that Nightwalker.
All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.
The plural of sun is stars you Catholic turkeys.
-
Nov 1st, 2012, 06:57 AM
#9
Thread Starter
Addicted Member
Re: Setup files that can get around UAC
Originally Posted by TomasEss
There is no problem to create an installer that does not require admin rights. It will also work with UAC turned on. Simply avoid the locations that is no no like Program files, Windows and System folders, HKLM hive in registry etc. If just installing to user specific locations you can work around both admin rights and UAC. BUT off course only the current user will be able to run the app and you won't have any machine wide settings. That's how Chrome does it as far as I have understood, and that is an annoyance...
Thanks for your good insights TomasEss, that explains what is actually happening in the case of Firefox and Google.
All men have an inherent right to life, the right to self determination including freedom from forced or compulsory labour, a right to hold opinions and the freedom of expression, and the right to a fair trial and freedom from torture. Be aware that these rights are universal and inalienable (cannot be given, taken or otherwise transferred or removed) although you do risk losing the aforementioned rights should you fail to uphold them e.g Charles Taylor; United Nations sources: http://www.un.org/en/documents/udhr/, http://www.ohchr.org/EN/Professional...ages/CCPR.aspx. Also Charles I was beheaded on the 30th of January of 1649 for trying to replace parliamentary democracy with an absolute monarchy, the same should happen to Dr Phil and Stephen Fry; source: http://www.vbforums.com/showthread.p...ute-Monarchism.
The plural of sun is stars you Catholic turkeys.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|