emsttam
asked on
Why does my executable cause a user access control warning on Windows 7?
HI,
We have a Windows executable which we use to lock down the desktop and launch Internet Explorer in kiosk mode. The application is e-assessment - we need to be able to run the assessment in a locked down manner to stop students accessing the internet or the local machine.
The program works, and we have been using it on XP machines for a few years now. Now on Windows 7 machines we are getting a User Account Control Warning asking if we want the executable to make changes to the computer (see attached image). My question is, why are we getting this warning on Windows 7 ? Is it something about the executable? Why does it think the executable will "make changes" ? Thanks.
photo.JPG
We have a Windows executable which we use to lock down the desktop and launch Internet Explorer in kiosk mode. The application is e-assessment - we need to be able to run the assessment in a locked down manner to stop students accessing the internet or the local machine.
The program works, and we have been using it on XP machines for a few years now. Now on Windows 7 machines we are getting a User Account Control Warning asking if we want the executable to make changes to the computer (see attached image). My question is, why are we getting this warning on Windows 7 ? Is it something about the executable? Why does it think the executable will "make changes" ? Thanks.
photo.JPG
the prompt you are getting is User Account Control - a prompt you will receive with pretty much any executable while UAC is enabled.
You can disable it from Start -> type in "UAC" and set to "Never Notify".
You can disable it from Start -> type in "UAC" and set to "Never Notify".
ASKER
That doesn't appear to be it. "Run this program in compatibility mode for" is unchecked. Tried running as admin as well, but same result (i.e. UAC warning).
Because this program probably writes to machine-related entries in the Registry, or writes files in the common locations on the machine.
You can disable UAC, but I think it's much better to achieve this without running the executable, by using group policy settings, such as:
User Configuration\Administrati
With that, Explorer won't start at all, and will be replaced by IE in kiosk mode.
You can disable UAC, but I think it's much better to achieve this without running the executable, by using group policy settings, such as:
User Configuration\Administrati
With that, Explorer won't start at all, and will be replaced by IE in kiosk mode.
Close all apps ...run this fixit.
http://support.microsoft.com/mats/windows_security_diagnostic/
Reboot and check.
Ded9
http://support.microsoft.com/mats/windows_security_diagnostic/
Reboot and check.
Ded9
ASKER
vadimrapp1:
Not running the executable is not an option, it does other things as well as launching IE.
ded9:
Sorry, but not sure what that would achieve. This executable has to be deployed on multiple (i.e. hundreds) of machines in an institution, it's not a problem with any one machine.
Not running the executable is not an option, it does other things as well as launching IE.
ded9:
Sorry, but not sure what that would achieve. This executable has to be deployed on multiple (i.e. hundreds) of machines in an institution, it's not a problem with any one machine.
You can also disable UAC for this particular application
ASKER
vadimrapp1:
Again, not really an option for deployment on hundreds of PCs
Again, not really an option for deployment on hundreds of PCs
Try the latest version of the this app.
Ded9
Ded9
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
vadimrapp1:
I will suggest this to our client and see if it is a possibility for them. Won't get a response until at least Monday now, but will let you know.
In the meantime, can anyone enlighten me whether or not it makes a difference if the executable is signed or not in terms of eliminating this warning ?
I will suggest this to our client and see if it is a possibility for them. Won't get a response until at least Monday now, but will let you know.
In the meantime, can anyone enlighten me whether or not it makes a difference if the executable is signed or not in terms of eliminating this warning ?
Open your internet explorer... (trust me)
Go to:
tools
internet options
security tab
trusted sites
sites button
uncheck require server verification
in the add this website to the zone field add your full path
Go to:
tools
internet options
security tab
trusted sites
sites button
uncheck require server verification
in the add this website to the zone field add your full path
ASKER
jsdray:
It's an executable, not a website
It's an executable, not a website
see this article:
http://technet.microsoft.com/en-us/library/cc709628%28WS.10%29.aspx
Especially under "Application Aware Elevation Prompts", which involves looking at the signature.
http://technet.microsoft.com/en-us/library/cc709628%28WS.10%29.aspx
Especially under "Application Aware Elevation Prompts", which involves looking at the signature.
ASKER
vadimrapp1:
So my reading of that is that even if the executable is signed and trusted, there will still be a prompt, just a different coloured prompt.
So my reading of that is that even if the executable is signed and trusted, there will still be a prompt, just a different coloured prompt.
I did not try it myself, but these two settings (mentioned in the article) look promising:
User Account Control: Behavior of the elevation prompt for standard users -> none
User Account Control: Only elevate executables that are signed and validated
User Account Control: Behavior of the elevation prompt for standard users -> none
User Account Control: Only elevate executables that are signed and validated
i know it's not a website... you can add local file path to trusted sites... just another way around the pop-up... maybe not the best, but another way...
ASKER
jsdray:
Sorry I misunderstood you. I have tried this now but could not get it to work. I played around with various path options to the executable but still get the UAC dialog
Sorry I misunderstood you. I have tried this now but could not get it to work. I played around with various path options to the executable but still get the UAC dialog
Check this out: HERE
I did this once for an application running from a server. That was a while back...I must have missed a step. Maybe the link above will help you.
I did this once for an application running from a server. That was a while back...I must have missed a step. Maybe the link above will help you.
This it totallydifferent issue. The technical details are here.
ASKER
I have awarded the points to vadimrapp1 since he/she identified a valid solution. For info however, the main problem turned out to be the fact that the executable was a self extracting zip, produced using Winzip self extractor version 3. This, it would seem, wants to run using administrator privileges on Windows 7, and the operating system seems to assume that it is a software installation, hence the message about making changes to the computer. Version 4 allows you to specify that it should be run with user privileges, and the prompt no longer appears.
Right click on the executable- properties- compatibility tab- uncheck xp and run as admin..click ok .
Launch the app ...
Get the latest version of the app.
Ded9