Jump to content

working with windows 7 UAC

Recommended Posts

I have a program what works great in our locked down exam rooms running under XP. We are upgrading to Windows 7 and I need help with UAC. Disabling UAC is not really an option.

(1) The program first checks to see if it is admin via IsAdmin(). If so, it will ask you if you want to launch task manager, command prompt, and explorer. After these are lauched, the program (now running as admin) ends and it never installs any hotkeys.

(2) If not running as admin then install two hotkeys, wait forever for one of them to be pressed.

  • Hotkey #1 displays Computer, User, IP Address, etc. No admin required.
  • Hotkey #2 asks you for an admin username and password. It will then:
  • Execute itself as admin and thus hit the branch listed in (1)
  • RunAs( $u, @ComputerName, $p, 1, @AutoItExe, "c:\windows" )
With Windows 7 the program does not run as expected. If I use #RequireAdmin any where in the script, it will ask for UAC username and password (when running as a normal user). If I don't use #RequireAdmin, then the RunAs does not operate as expected. It appears as though the IsAdmin() function is returning false.

How can I fix this? I have attached the script.



Link to post
Share on other sites

How can I fix this? I have attached the script.

Where is the script?

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother

Link to post
Share on other sites

Have a look at this (8. Facts on UAC), this and this All of them will give you the info you need to get your script working. I had a similar issue with a script, and I was able to get it to work. Look at the _IsAdministrator function in the first thread, and if you need to re-execute the script multiple times, set the Registry value ConsentPromptBehaviorAdmin to 0 to prevent UAC Popups. Then set it back to the previous value at the end of the script.

Until I can see the script, there is nothing much else I can help you with.


Link to post
Share on other sites
  • Moderators


seems like I've become kind of an UAC expert around here

And you are very welcome to be the UAC expert. :)

From now on we shall point all users posting UAC questions in your direction! Have fun! ;)


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:


ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area


Link to post
Share on other sites

I edited you script, check to see if this works for you.


Show computer information or launch shell when hotkey is pressed
-John Taylor
May-24-2005 (version 1)
Nov-08-2007 (version 2)
May-12-2010 (version 3) [1] commented out GP / regedit functionality   [2] updated RunAs() for AutoIt v3.3.4.0
Jul-28-2010 added crtl-alt-A to start Admin Tools
Feb-10-2012 update for Windows 7 UAC


If Not StringRegExp(@OSVersion, "_(XP|200(0|3))") And _IsAdministrator() And Not IsAdmin() Then ;Windows Vista+
If ShellExecute(@ScriptFullPath, "", "", "runas") Then
        MsgBox(16 + 262144, "ERROR!", "Script did not get elevated privileges, and cannot run.")

#include <GUICONSTANTS.au3>
#include <EditConstants.au3>

;; #RequireAdmin

Opt("GUIOnEventMode", 1)
Opt("MustDeclareVars", 1)
;~ Opt ("RunErrorsFatal", 0 )

Global $Info_Title = "System Info v4"
Global $Shell_Title = "Run Admin Tools"
Global $UsernameID
Global $PasswordID
Global $Shell_Win
Global $_In_Shell = 0

Global $reg_entry[10][3]
Global $reg_entry_last = 2

$reg_entry[0][0] = "HKCUSoftwarePoliciesMicrosoftWindowsSystem"
$reg_entry[0][1] = "DisableCMD"
$reg_entry[0][2] = ""

$reg_entry[1][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem"
$reg_entry[1][1] = "DisableTaskMgr"
$reg_entry[1][2] = ""

$reg_entry[2][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem"
$reg_entry[2][1] = "DisableRegistryTools"
$reg_entry[2][2] = ""

;; These do not work, unless you reboot the machine; therefore, making them useless...
;; Prevent access to drives from My Computer
;$reg_entry[3][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer"
;$reg_entry[3][1] = "NoViewOnDrive"
;$reg_entry[3][2] = ""             ;0x03ffffff means restrict all drives

; Hide these specified drives from My Computer
;$reg_entry[4][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer"
;$reg_entry[4][1] = "NoDrives"
;$reg_entry[4][2] = ""             ;0x03ffffff means restrict all drives

HotKeySet("^!~", "OnInfo") ; control alt ~
HotKeySet("^!A", "OnAdminTools") ; control alt A   (not lowercase A)
HotKeySet("+^!{TAB}", "OnAdminTools") ; shift control alt tab

;MsgBox(0,"isadmin()", isadmin())
If IsAdmin() Then
;MsgBox(0,"Info", "isadmin if stmt")



Func _ReduceMemory($i_PID = -1)
If $i_PID <> -1 Then
Local $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $i_PID)
Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', $ai_Handle[0])
DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $ai_Handle[0])
Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', -1)
Return $ai_Return[0]
EndFunc   ;==>_ReduceMemory

Func WaitForever()
While 1
EndFunc   ;==>WaitForever

Func OnAdminTools()
Local $SubmitID
$_In_Shell = 1

$Shell_Win = GUICreate($Shell_Title, 270, 150)

GUICtrlCreateLabel("Username:", 10, 30)
$UsernameID = GUICtrlCreateInput("AdminAcct", 65, 30, 120)

GUICtrlCreateLabel("Password:", 10, 60)
$PasswordID = GUICtrlCreateInput("", 65, 60, 120, -1, $ES_PASSWORD)

$SubmitID = GUICtrlCreateButton("OK", 10, 90, 60)
GUICtrlSetOnEvent($SubmitID, "OnSubmit")

ControlFocus($Shell_Title, "", $PasswordID)

While 1 = $_In_Shell
EndFunc   ;==>OnAdminTools
func UnlockPermissions()
local $i, $val, $rv
local $reg_val = 0

for $i=0 to $reg_entry_last
;MsgBox(0,"Dbg", $reg_entry[$i][0] & @CRLF & $reg_entry[$i][1])
$val = -2
$reg_entry[$i][2] = -4
$val = RegRead($reg_entry[$i][0], $reg_entry[$i][1])
$rv = @error
if 0 <> @error then
; error reading reg key
; do not change [$i][2] so that it will not try to get used in LockPermissions()
;MsgBox(0,"error", "RegRead()" &@CRLF& $rv)

if StringInstr($reg_entry[$i][0], "Explorer", 0 ) > 0 then
;MsgBox(0,"Explorer", "Match " &$reg_entry[$i][1] )
$reg_val = 3; where 3 = restrict A & B drives only

if $val > -1 then
;MsgBox(0,"val", $val &@CRLF& $reg_val)
$rv = RegWrite($reg_entry[$i][0], $reg_entry[$i][1], "REG_DWORD", $reg_val)
;MsgBox(0,"Unlock()", "RegWrite rv: " & $rv)
if 1 == $rv then
$reg_entry[$i][2] = $val

func LockPermissions()
local $i

for $i=0 to $reg_entry_last
if -4 <> $reg_entry[$i][2] then
RegWrite($reg_entry[$i][0], $reg_entry[$i][1], "REG_DWORD", $reg_entry[$i][2])
$reg_entry[$i][2] = ""

Func RunPrograms()
Local $tmp = ""
Local $wait = 125

;MsgBox(0,"Dbg", "In RunPrograms()")

Run(@ComSpec, "C:")

Run(@SystemDir & "taskmgr.exe")

;Run(@WindowsDir & "regedit.exe")

;$tmp = @SystemDir & "gpedit.msc"
;Run(@ComSpec & " /c " & $tmp, "")

;$tmp = @SystemDir & "sysdm.cpl"
;Run(@ComSpec & " /c " & $tmp, "")

;$tmp = @SystemDir & "rundll32.exe SHELL32.DLL, SHHelpShortcuts_RunDLL PrintersFolder"
;Run(@ComSpec & " /c " & $tmp, "", @SW_MINIMIZE )

$tmp = "C:WINDOWSexplorer.exe C:"
Run(@ComSpec & " /c " & $tmp)

; System Properties
Run("C:\Windows\System32\control.exe sysdm.cpl", "C:\Windows\System32\")

; Desktop Properties: Screen Saver, Display Resolution, etc.
Run("C:\Windows\System32\control.exe desk.cpl", "C:\Windows\System32\")

; Crazy hack to run: explorer.exe c:
Run("C:\Windows\System32\control.exe ncpa.cpl", "C:\Windows\System32\")

; Internet Explorer
$tmp = '"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/'
EndFunc   ;==>RunPrograms

Func AdminTools()
Local $rv
;MsgBox(0,"Dbg","In AdminTools()")
$rv = MsgBox(4, 'Admin Tools', 'Do you want to run the Admin Tools?')
If $rv == 6 Then
EndFunc   ;==>AdminTools

Func OnExit()
$_In_Shell = 0
;MsgBox(0,"Debug","starting OnExit()")
EndFunc   ;==>OnExit

Func OnInfo()
Local $data[25]
Local $i = 0
Local $output = ""

$data[1] = "Computer name: " & @ComputerName
$data[2] = "User name: " & @UserName
$data[3] = "Logon server: " & @LogonServer
$data[4] = "---------------------------------------"
$data[5] = "1st IP: " & @IPAddress1
$data[6] = "2nd IP: " & @IPAddress2
$data[7] = "---------------------------------------"
$data[8] = "OS: " & @OSVersion & "  " & @OSServicePack
$data[9] = "Desktop: " & @DesktopWidth & "x" & @DesktopHeight & " @ " & @DesktopDepth & "bpp"
$data[10] = "AutoIt version: " & @AutoItVersion

For $i = 1 To 10
$output = $output & $data[$i] & @CR

MsgBox(0, $Info_Title, $output, 14)
EndFunc   ;==>OnInfo

Func OnSubmit()
;MsgBox(0,"Info", "In OnSubmit()")
Local $u, $p, $rv
$u = GUICtrlRead($UsernameID)
$p = GUICtrlRead($PasswordID)

;MsgBox(0,"OnSubmit()", $u & @TAB & $p & @TAB & @AutoItExe)
$rv = RunAs($u, @ComputerName, $p, 1, @AutoItExe, "c:windows")
;MsgBox(0, $rv, @Error & " " & @AutoItExe)

EndFunc   ;==>OnSubmit

; end of script

; trancexx
; http://www.autoitscript.com/forum/topic/...as-admin/page__view__findpost_
Func _IsAdministrator($sUser = @UserName, $sCompName = ".")
    Local $aCall = DllCall("netapi32.dll", "long", "NetUserGetInfo", "wstr", $sCompName, "wstr", $sUser, "dword", 1, "ptr*", 0)
    If @error Or $aCall[0] Then Return SetError(1, 0, False)
    Local $fPrivAdmin = DllStructGetData(DllStructCreate("ptr;ptr;dword;dword;ptr;ptr;dword;ptr", $aCall[4]), 4) = 2
    DllCall("netapi32.dll", "long", "NetApiBufferFree", "ptr", $aCall[4])
    Return $fPrivAdmin
EndFunc   ;==>_IsAdministrator

There is one issue, the _IsAdministrator function only work for local admin accounts discretely listed, not in AD Security Groups. On our PCs, we use AD Security Groups, so it shows False for me, but my user account is in a security group that is in the local Administrators Group.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...