Windows Vista/7 UAC vs. My Delphi OLE Server App @ Startup

I have an app that is an OLE (& OPC) Server which causes InitComServer to access HKLM which causes UAC to step in and demand verification. This wouldn't be such a big deal except for the fact a lot of our customers run our app from the startup group. Therein lies the rub...

My initial thought was to select "Run as administrator" in the startup shortcut, but this does not work (the app does not launch); neither do any of the other obvious tweaks to either the shortcut's or the the exe's properties. After some research, I learned about embedding a manifest as a resource and tried that... The app still won't launch from the startup group. Any attempt to "Run as administrator" from the Startup group seems to fail.

The only loophole that works is to remove all of the RAA props and the embedded manifest, run the app using RAA from the explorer (one time), and then put the non-RAA shortcut into startup. After that initial RAA from the explorer, the startup shortcut works every time. I gather that when an app loads in this manner, it is using a virtualized registry and any registry modifications made by my app aren't really going to the "real" registry... Which is "OK", but not what I ultimately want.  

My question: how do all of my other startup apps get around this? I'm sure that at least some of them need elevated privs, so how do they get 'em?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How about disabling UAC ?
BradKilmerAuthor Commented:
I asked the customer (a SCADA system integrator) and he said that his customer (the end user) would definitely not go for that.

Addendum to original post: Running under virtualization is not "OK" as previously stated; under virtualization, my app is unable to establish an OLE/OPC connection to the SCADA srver (CreateCOMObject returns "this operation requires elevation").

I've noticed that if my app goes through the UAC elevation process, that it is allowed to launch other OLE/OPC servers (which also require elevation) without a UAC prompt; so, I'm now trying to figure out if I can use a service (or anything) to do the same for the app in question... This becomes a Chicken/Egg conundrum because I still need the app launcher to get elevated privileges so that it can exploit the elevated privilege loophole (i.e. RAA app launching RAA app with no promt). I'm exploring the use of a TServiceApplication to do this... Is this a doomed idea also?

Is there some way to tell UAC to allow an app to pass through (as is done in the Firewall)?

This all-or-nothing approach (i.e. UAC or no UAC) seems VERY wrong.
BradKilmerAuthor Commented:
I was finally was able to do it with Task Scheduler. Duh. I feel really smart now.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.