Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft WindowsWindows UAC-related issue
jamesrt

1613 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#137915 13-Dec-2013 09:28
Send private message

Hi,

OK, I know I'm a bit rusty on "Modern" Windows, having primarily been a Unix guy for the last 15 years; so hence this question.

I'm at a client site, where I'm using their locked-down workstations, so I don't have Admin privs (not do I want them!) in Windows 7.

I've downloaded (from a vendor website) a self-extracting .exe file (which is a patch) for a server which is running a Unix OS; but the patch is a Windows .EXE (don't even ask!).

However, whenever I run said .EXE file, it immediately prompts for Windows Admin credentials via UAC which, of course, I don't have, in theory need, or actually want.  If I click "Cancel", then the binary immediately terminates with an "access denied" message (when running from the Command line).

Is there not some mechanism within Windows to say I wish to run this binary as a non-privileged user, so don't even bother asking for elevated rights? Because if there is, I can't find it.  And if there isn't, then I find it particularly irritating that in this modern day of "least privilege" being the "correct" thing to do that there is no way of running what is effectively a self-extracting compressed file without giving it total admin rights to the entire workstation. 

That seems so wrong...

Thanks!

Create new topic
Ragnor
8223 posts

Uber Geek

Trusted

  #951660 13-Dec-2013 14:37
Send private message

Sounds like the vendor hasn't signed their EXE with a trusted cert, if they did this properly you shouldn't see a UAC prompt.

If it's just a zip or rar you might be able to right click the file and extract it or that or another machine.




Lias
5590 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #951726 13-Dec-2013 15:41
Send private message

If they have something like 7-Zip installed, try opening the exe with that and see if you can pull out the contents.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

jamesrt

1613 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #951743 13-Dec-2013 16:01
Send private message

Thanks for the replies; I don't at this stage need help on how to get the files out of the self-extracting archive - a USB key and my own laptop (which I do have Admin rights on!) sorted that out pretty quick.

In response to answer #1, it's a major international hardware vendor; pretty sure the app is built correctly; and pretty sure the reason it's prompting for credentials is that my domain-account doesn't have Admin rights; the binary (or windows) "thinks" or "knows" it needs them (for example, escalation may be tagged in the manifest - I haven't checked), and is asking for credentials with local admin rights.  Pity all it does is create a subdirectory of your choice, and write files into it - none of which "need" (i.e. mandatory require) admin rights....  sigh.

However, I'd still like to know if there is a way to prevent Windows from attempting and then subsequently failing to gain elevated rights, and then point blank refusing to run the software.  I.e. is there a way to force it to run un-elevated.

As I've mentioned, I'm a Unix guy; so I like (where possible) to use Cygwin utilities on a PC.  The older Cygwin "setup.exe" file used to trigger a UAC elevation when run purely because the name was "setup.exe"; renaming it to something else (like "cygset.exe") would let it run, and as a non-priv'ed user you could say "install just for me", and as long as you had write-access to some directory it would be perfectly happy.

I notice that the latest version doesn't do that any more - even when renamed, it still attempts UAC escalation.  There is documented setting for an application manifest which tells Windows to automatically escalate; which would be fine, except it makes the whole "install just for me" non-priv code in the installer completely redundant!   (this is presumably what my vendor file I referred to earlier does too).

(Note: "Windows XP compatibility mode" still prevents the Cygwin installer from UAC prompting; that workaround still doesn't work for the vendor patch).

I guess at the end of the day, I'm just venting - my problem is solved; but it would be nice to know if there was a mechanism by which I could tell Windows to "just freaking do it" without Admin rights - yes, the app in question may then fail if it tries and/or needs to do something "special", but I know that these vendor patches just simply unpack into a sub-dir.  Yes, running the actual patch itself would be a privileged Op; but to just unpack some files?  Nope.

I'll log a support case with the vendor too, just to make a point....



TwoSeven
1630 posts

Uber Geek

Subscriber

  #951782 13-Dec-2013 17:30
Send private message

Best way to think of UAC is that of sudo on Linux. There are things you may want to do and things you can no longer do - like run badly written installers by vendors who should no better :)

http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx





Software Engineer
   (the practice of real science, engineering and management)
A.I.  (Automation rebranded)
Gender Neutral
   (a person who believes in equality and who does not believe in/use stereotypes. Examples such as gender, binary, nonbinary, male/female etc.)

 

 ...they/their/them...

Lias
5590 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #951891 13-Dec-2013 20:43
Send private message

jamesrt: Thanks for the replies; I don't at this stage need help on how to get the files out of the self-extracting archive - a USB key and my own laptop (which I do have Admin rights on!) sorted that out pretty quick.

In response to answer #1, it's a major international hardware vendor; pretty sure the app is built correctly; and pretty sure the reason it's prompting for credentials is that my domain-account doesn't have Admin rights; the binary (or windows) "thinks" or "knows" it needs them (for example, escalation may be tagged in the manifest - I haven't checked), and is asking for credentials with local admin rights.  Pity all it does is create a subdirectory of your choice, and write files into it - none of which "need" (i.e. mandatory require) admin rights....  sigh.



If its asking for admin rights then either its actively trying to do something that requires it (such as write to a folder you don't have permissions too with your account) or the package has been set to prompt for elevation when run. You'd be amazed how many major international vendors assume everyone has admin rights.




I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright