Windows Vista/7 UAC vs. My Delphi OLE Server App @ Startup

Posted on 2010-03-29
Medium Priority
Last Modified: 2012-05-09
I have an app that is an OLE (& OPC) Server which causes InitComServer to access HKLM which causes UAC to step in and demand verification. This wouldn't be such a big deal except for the fact a lot of our customers run our app from the startup group. Therein lies the rub...

My initial thought was to select "Run as administrator" in the startup shortcut, but this does not work (the app does not launch); neither do any of the other obvious tweaks to either the shortcut's or the the exe's properties. After some research, I learned about embedding a manifest as a resource and tried that... The app still won't launch from the startup group. Any attempt to "Run as administrator" from the Startup group seems to fail.

The only loophole that works is to remove all of the RAA props and the embedded manifest, run the app using RAA from the explorer (one time), and then put the non-RAA shortcut into startup. After that initial RAA from the explorer, the startup shortcut works every time. I gather that when an app loads in this manner, it is using a virtualized registry and any registry modifications made by my app aren't really going to the "real" registry... Which is "OK", but not what I ultimately want.  

My question: how do all of my other startup apps get around this? I'm sure that at least some of them need elevated privs, so how do they get 'em?
Question by:BradKilmer
  • 2
LVL 22

Expert Comment

ID: 29160923
How about disabling UAC ?

Author Comment

ID: 29228178
I asked the customer (a SCADA system integrator) and he said that his customer (the end user) would definitely not go for that.

Addendum to original post: Running under virtualization is not "OK" as previously stated; under virtualization, my app is unable to establish an OLE/OPC connection to the SCADA srver (CreateCOMObject returns "this operation requires elevation").

I've noticed that if my app goes through the UAC elevation process, that it is allowed to launch other OLE/OPC servers (which also require elevation) without a UAC prompt; so, I'm now trying to figure out if I can use a service (or anything) to do the same for the app in question... This becomes a Chicken/Egg conundrum because I still need the app launcher to get elevated privileges so that it can exploit the elevated privilege loophole (i.e. RAA app launching RAA app with no promt). I'm exploring the use of a TServiceApplication to do this... Is this a doomed idea also?

Is there some way to tell UAC to allow an app to pass through (as is done in the Firewall)?

This all-or-nothing approach (i.e. UAC or no UAC) seems VERY wrong.

Accepted Solution

BradKilmer earned 0 total points
ID: 29282476
I was finally was able to do it with Task Scheduler. Duh. I feel really smart now.

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A quick guide on how to use Group Policy to create a custom power plan and set it active on Windows 7.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question