Jump to content

UAC Pass - bypass UAC prompts only for specific programs


AvvA
 Share

Recommended Posts

Hi!

UAC Pass aims to make UAC-free shortcuts.
It was made to reduce the hassle of UAC prompts for frequently used applications requiring elevation, without shutting down the UAC protection (UAC is a great step forward about security).
UAC-free shortcuts are shortcuts pointing to scheduled tasks, these scheduled tasks being run with their creator's rights, it bypasses the prompt usually made by User Account Control.

en-screen1.7main.png

Out of typical features related to scheduled tasks (session's start and multiple/single instance), I also implemented in 1.5 an easy way to use UAC Pass with programs located on a removable device such as a USB stick, it consists of storing into a batch file the relative path to shortcuts stored on the removable device that will produce UAC-free shortcuts on batch execution. With version 1.7 I added a list of freeing-tasks created, where you can launch and delete them, it aims to ease the USB Mode usage.

The script in itself works well under Windows 7 x64 and x86, theoretically all versions (Pro, family...), it should also work well under Vista despite I already get returns about something that doesn't work and which you can know about by reading the FAQ (Time pass and still no more return about Vista, as I don't have access to it, perhaps it was occasional bugs, or permanent ones, I can't know without Vista's users feedback).

  • It requires to be logged in with an administrative account,
  • It is fully portable,
  • It works with drag & drop, single or multiple files,
  • It can make shortcut to almost anything (not only applications),
  • it keeps shortcuts' parameters,
  • it can restore the original shortcut (and destroy the scheduled task & UAC-free shortcut),
  • it has support for command-line.
  • it has several working modes (Command Line, direct D&D onto uacpass.exe or a shortcut to it, or D&D over main gui).

It is useless for people that can't log in as administrators, it is also useless for people that want to make shortcuts that would bypass this UAC prompt under a common user account.


Despite it is only in English and in French, It should work with any localized Windows language (I would welcome feedback about pinning, or about non-ANSI characters in shortcut names).
I welcome any correction to English language.
About additional translations, I will welcome you to send me all translated variables and leave me update my program so it takes in account your language.

The source code is available and modifiable, but please, remember that UAC Pass itself is under Creative Commons (BY-NC-ND). If you wish to make a custom version, either to only change colors settings or to translate it in another language, please contact me.

Before asking anything, please, read UAC Pass inline help, it should cover everything.
Also read the main page and the FAQ. A changelog can be found in the UAC Pass sub-menus on the top left of the main page.


You can come to my site to download the tool or its sources*.
https://sites.google.com/site/freeavvarea/UACPass-en

*Thanks to UEZ, the source code is now only 3 files: the icon, the main au3 program, and a second au3 which contains every pictures as binary strings.


I'd like to thanks: (click on their names to see the pieces of code)
- taz742 (multiple files drag&drop)
- trancexx (drag&drop with elevation)
- UEZ (load image to/from memory, seriously, it's Enormous!) Obviously I didn't used the version linked, but the 14-01-2012 one, whatever, it fulfill its purpose!
- Allow2010 (I used and modified some of the task scheduler COM functions he made)
- KaFu (Thanks for the suggestions about UEZ and Allow2010 work)



Cheers!


edit, 27 April 2012:
- Update to version 1.7a, compiled program and source code (re-updated links ^^').
This version correct a bug that was happening when you drag&drop some files onto UAC Pass GUI without the integrated tasks' list opened. Sorry, it happend because I only tested with this window opened...
It was a very basic error, I corrected it by adding at line 1260: GUISwitch($lat_win)

edit, 12 March 2014:
Changed URLs to the site.
Note that compiled version as much as source code still have a pointer to the dead URL "freeavvarea.r00t.la" in the about pane.

Edited by AvvA
Link to comment
Share on other sites

Very nice work AvvA, well done.

Ed: you have obviously spent a great deal of time on your work and that alone deserves the stars (if you care for such things).

Ed: worded your handle incorrectly I do apologize.

Edited by Mobius

wtfpl-badge-1.png

Link to comment
Share on other sites

Thanks you.

I think similarly to this, obviously, if I didn't this little tool wouldn't be here.

I did pass some time on this, but I would prefer that you use different criteria than this to evaluate it ^^'

Don't worry about my handle, it gets hit whatever the spelling is, I use an advanced visual decoder called myopia, it renders the concept of edge inexistent :)

Link to comment
Share on other sites

Hi all, I signed up to the forums just to say that a link/image from this page that links to AvvA's website was flagged by my Sophos software as being malicious due to some HTML scripting it was using. Could be a false positive but just a heads up!

Link to comment
Share on other sites

I updated the first post (and my site) to correct the source code linked which wasn't exactly the latest one. I also did some cleaning because I often speak to much to explain things that don't really need to be explained...

Hi all, I signed up to the forums just to say that a link/image from this page that links to AvvA's website was flagged by my Sophos software as being malicious due to some HTML scripting it was using. Could be a false positive but just a heads up!

Hi, can you be more precise on the warning you're receiving?

I have to update the google +1 button as much as the drupal core, may be that... anyway I would like to know details in order to know exactly from where it comes, if you don't mind. :)

Link to comment
Share on other sites

  • 2 months later...

Updated first post to fit latest update (from today).

About False positives alerts on my site, please consider that I'm not owning r00t.la domain, I only use a subdomain freely, thus I'm not related to any other subdomain than freeavvarea.r00t.la.

Link to comment
Share on other sites

  • 2 weeks later...

I updated links in first post to version 1.7a.

This version correct a bug that was happening when you drag&drop some files onto UAC Pass GUI without the integrated tasks' list opened. Sorry, it happend because I only tested with this window opened...

It was a very basic error, I corrected it by adding at line 1260: GUISwitch($lat_win)

2nd edit to main post: changed the lettercase of the source code link... sorry ;)

Edited by AvvA
Link to comment
Share on other sites

  • 1 month later...

That's a useful tool AvvA! Thank you!

I'm currently using Launchy together with Everything as described here

Do you think it is possible to use UAC Pass with this combination in order to bypass the UAC prompt?

With Launchy I can pass a search query directly to Everything but the UAC Pass shortcut doesn't accept arguments or at least I didn't manage to get it working.

Any ideas?

Thanks & regards

Link to comment
Share on other sites

  • 2 weeks later...

Glad to see that File to Base64 String Code Generator was useful for you.

Nice little useful tool with a nice GUI!

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

  • 5 weeks later...

First, I'm very sorry for the late reply, it seems that this forum doesn't allow to follow a topic more than a few days (weeks?)...

Both of you, thanks for the flowers ^^.

Philpav, I think you can't use UAC Pass to resolve your problem because a scheduled task, when launched, can't receive any other parameter (or at least I didn't find how). Let me know if you found a way.

Link to comment
Share on other sites

Thanks for sharing!

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Link to comment
Share on other sites

  • 2 months later...

Since I recently upgraded to Win 8 I decided to give UAC a chance. This little app became immediately useful :)

Suggestion - allow user to specify optional action parameters when dropping an executable or anything other than an existing shortcut.

And maybe a bug - as I understand it, using the Startup preset creates a BAT file which can recreate the startup task, but which should also allow the startup task to be removed if it is dropped on the UACPass dialog. Currently dropping this created BAT file on the UACPass dialog creates another startup task pointing to the BAT file, and overwrites the BAT file with a new one. Correct me if I'm mistaken about how this process works, the help available on this particular mode of operation was little unclear.

Thanks!

Edited by wraithdu
Link to comment
Share on other sites

  • 1 month later...

Sorry for the late reply, I guess I missed the warning ^^'.

About optional parameters on .exe dropping: anyway you'll have to enter data, and this idea would make me code almost the same as a shortcut creation, because if I propose parameters, I could also propose name, comment and so on. Because it's already available and easy to do I think it's better to make a clean shortcut, with an appropriate name, comment and parameters, and then drop it onto UAC Pass, but I'll keep this idea in mind for the next time I'll be on this tool, thanks.

The batch file created with the "startup option" only intends to remove the task, don't drop it onto UAC Pass, launch it then delete it.

Before v1.7 there wasn't "Show UAC freeing tasks" panel (which allows to execute and/or delete any UAC freeing task from within UAC Pass), so this batch file was made to give an easy way of removing the task. It isn't necessary anymore, I'll remove it from the preset default.

Thank you :)

Edited by AvvA
Link to comment
Share on other sites

Does this work if the user has only standard rights? I thought that a scheduled task run by a standard user would still need Admin approval even if it was created by an administrator.

Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script.
Link to comment
Share on other sites

Nope, scheduled tasks run in whatever context they are created for. So if you specify that a task runs as SYSTEM, then it runs as SYSTEM regardless of who launches it. Same goes if you schedule it to run as a particular user. I haven't tested it since I don't have the setup to do so, but I would assume even a standard user could run a scheduled task that has already been created.

Link to comment
Share on other sites

By default, a scheduled task can only be run by someone having at least the same privilege level as the one required by the task.

With UAC Pass it is required to be an administrator to create, delete or use the tasks created.

It is possible to grant access to an administrative task to a common user, but the task will run on the creator's session.

I think there is no way for a common user to run an administrative task on his session without the administrator's login/password, because if it was possible, UAC would be useless.

I hope I'm right, but I'm not sure, as always with software.

Edited by AvvA
Link to comment
Share on other sites

Thanks AwA, that fits in with my experience, and my failures to make it otherwise, so I think you are probably correct.

Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script.
Link to comment
Share on other sites

@Marin,

Tasks that trigger a UAC prompt http://en.wikipedia.org/wiki/User_Account_Control

Sessions, Desktops and Windows Stations

http://blogs.technet.com/b/askperf/archive/2007/07/24/sessions-desktops-and-windows-stations.aspx

Like in every IT concepts everything consists out of 0 and 1 :shifty:

Rgds

ptrex

Link to comment
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...