• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 350
  • Last Modified:

Why does my executable cause a user access control warning on Windows 7?

HI,
We have a Windows executable which we use to lock down the desktop and launch Internet Explorer in kiosk mode. The application is e-assessment - we need to be able to run the assessment in a locked down manner to stop students accessing the internet or the local machine.

The program works, and we have been using it on XP machines for a few years now. Now on Windows 7 machines we are getting a User Account Control Warning asking if we want the executable to make changes to the computer (see attached image). My question is, why are we getting this warning on Windows 7 ? Is it something about the executable? Why does it think the executable will "make changes" ? Thanks.
photo.JPG
0
emsttam
Asked:
emsttam
  • 8
  • 6
  • 3
  • +2
1 Solution
 
ded9Commented:
Sound the like the executable is running with xp mode feature enabled.

Right click on the executable- properties- compatibility tab- uncheck xp and run as admin..click ok .


Launch the app ...

Get the latest version of the app.


Ded9
0
 
Frank_AlphaserveitCommented:
the prompt you are getting is User Account Control - a prompt you will receive with pretty much any executable while UAC is enabled.

You can disable it from Start -> type in "UAC" and set to "Never Notify".
0
 
emsttamAuthor Commented:
That doesn't appear to be it. "Run this program in compatibility mode for" is unchecked. Tried running as admin as well, but same result (i.e. UAC warning).
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Vadim RappCommented:
Because this program probably writes to machine-related entries in the Registry, or writes files in the common locations on the machine.

You can disable UAC, but I think it's much better to achieve this without running the executable, by using group policy settings, such as:

User Configuration\Administrative Templates\System; Custom user interface : "iexplore" -K.

With that, Explorer won't start at all, and will be replaced by IE in kiosk mode.
0
 
ded9Commented:
Close all apps ...run this fixit.

http://support.microsoft.com/mats/windows_security_diagnostic/


Reboot and check.



Ded9
0
 
emsttamAuthor Commented:
vadimrapp1:

Not running the executable is not an option, it does other things as well as launching IE.

ded9:

Sorry, but not sure what that would achieve. This executable has to be deployed on multiple (i.e. hundreds) of machines in an institution, it's not a problem with any one machine.
0
 
Vadim RappCommented:
0
 
emsttamAuthor Commented:
vadimrapp1:

Again, not really an option for deployment on hundreds of PCs
0
 
ded9Commented:
Try the latest version of the this app.


Ded9
0
 
Vadim RappCommented:
It actually is - it's based on Microsoft Application Compatibility Toolkit, which involves distribution of the mitigations database by group policy.
http://www.microsoft.com/download/en/details.aspx?id=7352
0
 
emsttamAuthor Commented:
vadimrapp1:

I will suggest this to our client and see if it is a possibility for them. Won't get a response until at least Monday now, but will let you know.

In the meantime, can anyone enlighten me whether or not it makes a difference if the executable is signed or not in terms of eliminating this warning ?
0
 
jsdrayCommented:
Open your internet explorer... (trust me)
Go to:
tools
internet options
security tab
trusted sites
sites button
uncheck require server verification
in the add this website to the zone field add your full path
0
 
emsttamAuthor Commented:
jsdray:

It's an executable, not a website
0
 
Vadim RappCommented:
see this article:
http://technet.microsoft.com/en-us/library/cc709628%28WS.10%29.aspx

Especially under "Application Aware Elevation Prompts", which involves looking at the signature.

0
 
emsttamAuthor Commented:
vadimrapp1:

So my reading of that is that even if the executable is signed and trusted, there will still be a prompt, just a different coloured prompt.
0
 
Vadim RappCommented:
I did not try it myself, but these two settings (mentioned in the article) look promising:

User Account Control: Behavior of the elevation prompt for standard users -> none
User Account Control: Only elevate executables that are signed and validated
0
 
jsdrayCommented:
i know it's not a website... you can add local file path to trusted sites... just another way around the pop-up... maybe not the best, but another way...
0
 
emsttamAuthor Commented:
jsdray:

Sorry I misunderstood you. I have tried this now but could not get it to work. I played around with various path options to the executable but still get the UAC dialog
0
 
jsdrayCommented:
Check this out: HERE
I did this once for an application running from a server.  That was a while back...I must have missed a step.  Maybe the link above will help you.  
0
 
Vadim RappCommented:
This it totallydifferent issue. The technical details are here.
0
 
emsttamAuthor Commented:
I have awarded the points to vadimrapp1 since he/she identified a valid solution. For info however, the main problem turned out to be the fact that the executable was a self extracting zip, produced using Winzip self extractor version 3. This, it would seem, wants to run using administrator privileges on Windows 7, and the operating system seems to assume that it is a software installation, hence the message about making changes to the computer. Version 4 allows you to specify that it should be run with user privileges, and the prompt no longer appears.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 8
  • 6
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now