Execute an application with admin rights on system without UAC

Question

I have an application that must be executed with admin rights. There is everything fine, if UAC is on. But, if UAC is turned off, there is no prompt on start (even for standard user) and application starts with restricted rights.

Start process with verb "runas" does not work.

Is there any way to show the standard UAC login dialog for and execute an application with admin rights even if UAC if turned off?

Update : Manifest is included:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <assemblyIdentity version="1.1.6.0" processorArchitecture="X86" name="setup" type="win32"/>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
</asmv1:assembly>

and everithing is OK, when UAC is active. But it does not work if UAC is OFF.

Update 2: : This behavior is documented by MSDN Step 6: Create and Embed an Application Manifest (UAC) (see table "Application launch behavior for a standard user account" last row). So i can't solve this problem with any manifest. Is there any other solution?

Answer 1

I had a very similar problem, and I don't think the comments so far addressed your actual issue. I believe they are mistaking the intent of your question. While my answer will not show the actual UAC dialog as you first asked, it will show a workaround.

UAC being off does NOT preclude an application from being run as Administrator (assuming you have an administrator password, as it seems you do), just makes it harder. As you rightfully pointed out, with UAC disabled and requireAdministrator set in the manifest, right-clicking and selecting Run as administrator does not actually elevate the process, as Microsoft indicates: "Application might launch but will fail later"

Two Steps:

1) Hold Shift while Right-clicking on the application and select Run as a different user . Then simply use your Administrator user name and password to authenticate, and your application should run as Administrator. It worked for me.

2) Build a small executable that runs asInvoker and checks for Administrative privileges. When it is run without them, warn the user and tell them to Shift-Right Click, then Run as a different user . If your small program has administrator access, then use ShellExecute to invoke your primary requireAdministrator application. See Figure 9 here for a flow diagram.

Here is a small code sample in C++ from somewhere on StackOverflow that checks for administrator access:

BOOL IsUserAdmin(VOID)
{
   BOOL b;
   SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
   PSID AdministratorsGroup; 
   b = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup); 
   if(true==b) 
   {
      if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)) 
      {
         b = FALSE;
      } 
      FreeSid(AdministratorsGroup); 
   }
   return(b);
}