Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

# 257328 26-Sep-2019 10:13
Send private message quote this post

Why is it that I have to flag a program as 'run as administrator' when I'm logged in as an administrator to get it to run  correctly?

 

This is on Win 10.


Filter this topic showing only the reply marked as answer Create new topic
3880 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325174 26-Sep-2019 12:00
2 people support this post
Send private message quote this post

User Account Control.

 

It's basically the local OS level implementation of Microsoft's JITJEA concept.

 

In short, even when logged in as a user with access to administrative rights, you don't actually HAVE administrative rights until you click "Yes I really want to run this with admin rights", so that bad stuff can't run as admin without you knowing/approving it. The theory being that if virus.exe suddenly wants admin rights you'll click no rather than it just being able to run because you're logged in as an admin.

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.


BDFL - Memuneh
64690 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2325179 26-Sep-2019 12:10
One person supports this post
Send private message quote this post

As above. You can obviously change UAC to never notify you but then you will have unknown programs running around with full Administrator rights on your machine...





 
 
 
 


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325198 26-Sep-2019 12:31
Send private message quote this post

I've changed UAC to never notify but it still does.

 

The machine in question only runs my homegrown media player so security is not really an issue. At least it used to when it was running Win 7 but since I upgraded to Win 10 I can't currently access any of the NAS drives. I may need start another thread on that issue if I can't solve it.


1384 posts

Uber Geek


  # 2325219 26-Sep-2019 12:48
Send private message quote this post

SJB:

Why is it that I have to flag a program as 'run as administrator' when I'm logged in as an administrator to get it to run  correctly?


This is on Win 10.



I understand, logging in as Admin Approval Mode which is what happens when one uses the administrator account generates two tokens. An admin token and a user token.

From memory I think it is the user token that windows uses when launching programs, so if the application requires special permissions you will get prompted to elevate the token (the UAC prompt). Normal programs will launch as expected because they just require a standard user token.







Software Engineer

 


3880 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325548 26-Sep-2019 20:11
2 people support this post
Send private message quote this post

SJB:

 

I've changed UAC to never notify but it still does.

 

The machine in question only runs my homegrown media player so security is not really an issue. At least it used to when it was running Win 7 but since I upgraded to Win 10 I can't currently access any of the NAS drives. I may need start another thread on that issue if I can't solve it.

 

 

I'd put money on it that your NAS is trying to use SMB1/2 (old, outdated insecure versions of the protocol)  instead of SMB3. Make sure SMB3 is enabled on the NAS.

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.


3440 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325554 26-Sep-2019 20:22
One person supports this post
Send private message quote this post

Lias:

 

SJB:

 

I've changed UAC to never notify but it still does.

 

The machine in question only runs my homegrown media player so security is not really an issue. At least it used to when it was running Win 7 but since I upgraded to Win 10 I can't currently access any of the NAS drives. I may need start another thread on that issue if I can't solve it. 

 

I'd put money on it that your NAS is trying to use SMB1/2 (old, outdated insecure versions of the protocol)  instead of SMB3. Make sure SMB3 is enabled on the NAS. 

 

On the other hand, if your NAS is not capable of running SMB3, enable SMB1 on your computer as it is disabled by default in Win 10.


1011 posts

Uber Geek

Trusted

  # 2325592 26-Sep-2019 21:13
Send private message quote this post

Dratsab: On the other hand, if your NAS is not capable of running SMB3, enable SMB1 on your computer as it is disabled by default in Win 10.

 

😐 Ideally you will want to avoid this, but if you really have to:

 

From the Control Panel, find "Turn Windows features on or off" & then disable "SMB 1.0/CIFS Automatic Removal" and enable "SMB 1.0/CIFS Client".

 

 

Or, from an elevated PowerShell prompt, you can run:

 

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

 

as per MS KB article 2696547.

 

 





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


 
 
 
 


3880 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325664 27-Sep-2019 07:06
One person supports this post
Send private message quote this post

The problem with enabling the older SMB protocols is that they are very insecure and a common malware vector.  If the NAS is so old it doesn't support SMB3, probably time to think about replacing the NAS.





Information wants to be free. The Net interprets censorship as damage and routes around it.


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325834 27-Sep-2019 11:10
Send private message quote this post

Thanks for the replies.

 

The comment about not being able to access NAS drives should have been more explicit. I can access the drives with no problem via Explorer and other programmes such as my own EPG Collector.

 

What didn't work is my media player which, on startup, issues a call to the .Net function GetDrives in the DriveInfo class. On Win 7 and earlier this would return a list of all drives including local drives, DVD drives and NAS drives.

 

However on Win 10 this did not include the NAS drives. This is with exactly the same code that runs OK on Win 7.

 

I poked around for most of yesterday trying to change the  security on the mapped drives (unsuccessfully), running as administrator, UAC notifications switched off etc etc. Finally what did work was a registry change to switch off UAC altogether

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0.

 

Obviously I wouldn't do this on a machine that was for general use but this is a closed environment. On startup it  loads my media player  (which  is all my own code) and it is the only  user programme that runs. When the media player is closed it powers off the machine.

 

So I didn't really get to the bottom of why it didn't work but obviously something in UAC has been changed/tightened up which affects either mapped drives or network access in some way.

 

 

 

 

 

 


359 posts

Ultimate Geek


  # 2325858 27-Sep-2019 11:42
Send private message quote this post

SJB:

 

Thanks for the replies.

 

The comment about not being able to access NAS drives should have been more explicit. I can access the drives with no problem via Explorer and other programmes such as my own EPG Collector.

 

What didn't work is my media player which, on startup, issues a call to the .Net function GetDrives in the DriveInfo class. On Win 7 and earlier this would return a list of all drives including local drives, DVD drives and NAS drives.

 

However on Win 10 this did not include the NAS drives. This is with exactly the same code that runs OK on Win 7.

 

I poked around for most of yesterday trying to change the  security on the mapped drives (unsuccessfully), running as administrator, UAC notifications switched off etc etc. Finally what did work was a registry change to switch off UAC altogether

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0.

 

Obviously I wouldn't do this on a machine that was for general use but this is a closed environment. On startup it  loads my media player  (which  is all my own code) and it is the only  user programme that runs. When the media player is closed it powers off the machine.

 

So I didn't really get to the bottom of why it didn't work but obviously something in UAC has been changed/tightened up which affects either mapped drives or network access in some way.

 

 

 

 

 

 

 

 

 

 

Are you running the media player as admin? If so then the drive will not be mapped with UAC turned on, you need to think 2 users when you got UAC turn on, a normal user and an admin user, and if you map a drive as a normal users, it does not map it as an admin user, the best thing  to do is load an admin cmd and use the net use command to check what mapped, you will find by default 0 drives mapped. Then map them with the /PERSISTENT:yes switch to map the drive in the admin cmd to keep them mapped.


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2325891 27-Sep-2019 12:28
Send private message quote this post

I did know about the 2 users issue but didn't think it thru properly. According to some logging I do in my player it is currently running as Administrator so I think you may be correct.

 

I'll give it a go and report back.


1384 posts

Uber Geek


  # 2325932 27-Sep-2019 12:33
Send private message quote this post

SJB:

 

Thanks for the replies.

 

The comment about not being able to access NAS drives should have been more explicit. I can access the drives with no problem via Explorer and other programmes such as my own EPG Collector.

 

What didn't work is my media player which, on startup, issues a call to the .Net function GetDrives in the DriveInfo class. On Win 7 and earlier this would return a list of all drives including local drives, DVD drives and NAS drives.

 

However on Win 10 this did not include the NAS drives. This is with exactly the same code that runs OK on Win 7.

 

I poked around for most of yesterday trying to change the  security on the mapped drives (unsuccessfully), running as administrator, UAC notifications switched off etc etc. Finally what did work was a registry change to switch off UAC altogether

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA to 0.

 

Obviously I wouldn't do this on a machine that was for general use but this is a closed environment. On startup it  loads my media player  (which  is all my own code) and it is the only  user programme that runs. When the media player is closed it powers off the machine.

 

So I didn't really get to the bottom of why it didn't work but obviously something in UAC has been changed/tightened up which affects either mapped drives or network access in some way.

 

 

I would suggest if writing code, take the opportunity to read up about UAC and how it works.   I think one is effectively trying to swim upstream against the current so to speak.

 

As mentioned before, when running in administrative mode one gets two identities - the elevated identity likely wont see the network location because it probably is not a trusted location in the context of this mode.  However, the standard user identity likely will see them.

 

I understand DriveInfo runs non-elevated so it will be running in the user mode context.  What happens when you run your app as a standard user with UAC set normally?

 

Also, as an aside - my view is Windows 10 is not Windows 7 so just because something worked on the old platform does not mean to say it should work on the new platform.  As they say ‘correlation does not imply causation’.

 

 





Software Engineer

 


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2326422 28-Sep-2019 17:39
Send private message quote this post

I think I understand what is going on now I know there are 2 identities.

 

When I was using Win 7, UAC was switched off in the registry. I don't remember doing this and the machine was second hand so it probably came that way. I only ever logged on one user (who was an administrator) and the drives were mapped to them ie at the admin privilege level.

 

When I upgraded to Win 10 it changed the registry (without asking me incidentally) so that UAC was now switched on. I have verified this happens by upgrading a second Win 7 machine and checking the registry setting before and after.

 

So once I had upgraded, logging on with the same user and running my media player would have resulted in it looking for the network drives at the user privilege level instead of the admin level and it won't have found them.

 

Out of interest I will play around with my drive mappings and app with UAC switched on, both in the registry and with notifications on, and see what happens. In practice I will probably switch UAC off as I don't want any notifications popping up and with those switched off I don't see any point in not switching it off in the registry.

 

 

 

 


1384 posts

Uber Geek


  # 2326457 28-Sep-2019 19:58
Send private message quote this post

you may want to try just logging in to a standard user account.  You’ll only get the UAC popup if your application tries to access a privileged resource which by the sound of things one doesn’t need to do.

 

 

 

 





Software Engineer

 


SJB



1428 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2326512 28-Sep-2019 22:02
Send private message quote this post

It does use the registry so it may do and it also closes the machine down. Anyway I can run at user privilege and find out.


Filter this topic showing only the reply marked as answer Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.