    Windows 10 - Application Incorrectly Requiring Admin Creds to Run

    IT Discussion
    windows 10 admin rights application control
    • IRJ

      This is a great tool for analyzing smaller software packages under 100MB

      https://www.hybrid-analysis.com/

      • flaxking @Dashrender

        @Dashrender said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

        Wasn't there supposed to be some type of virtual directory system and virtual registry to allow shitty applications like this to write to what they believed were these locations without actually compromising the system? Or am I smoking crack? Or was it talked about, but was really only vaporware?

        The Virtual Store. In Task Manager, in Details, there's a UAC virtualization column that will tell you if it is active or not. It's possible they've created a manifest file to disable it and prompt for admin credentials. If they've left it as a file it can be edited; if they've compiled it with the application, I'm not sure if creating a manifest file would overwrite it or not.

        1 Reply Last reply Reply Quote 0
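Added example (not part of the original posts): a PowerShell check for the two manifest locations flaxking describes, an external applicationname.exe.manifest beside the executable and one compiled into it, plus the PE machine type. The path in `$ExePath` is a placeholder, and the embedded-manifest scan is a plain text search of the file, not a resource parser.

```powershell
# Added example, not from the thread: report how an executable asks for elevation.
# $ExePath is a placeholder; point it at the application being diagnosed.
param([string]$ExePath = 'C:\Program Files (x86)\ExampleApp\applicationname.exe')

function Get-RequestedExecutionLevel {
    param([string]$Text)
    # A manifest declares elevation as <requestedExecutionLevel level="..." .../>
    $pattern = '<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*["'']([^"'']+)["'']'
    $m = [regex]::Match($Text, $pattern)
    if ($m.Success) { $m.Groups[1].Value } else { $null }
}

function Get-PeMachine {
    param([byte[]]$Bytes)
    # e_lfanew at offset 0x3C points to "PE\0\0"; the Machine field follows it.
    $pe = [BitConverter]::ToInt32($Bytes, 0x3C)
    switch ([BitConverter]::ToUInt16($Bytes, $pe + 4)) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'other' }
    }
}

$bytes = [System.IO.File]::ReadAllBytes($ExePath)

# External manifest: applicationname.exe.manifest beside the executable.
$external = "$ExePath.manifest"
$externalLevel = if (Test-Path -LiteralPath $external) {
    Get-RequestedExecutionLevel (Get-Content -LiteralPath $external -Raw)
}

# Embedded manifest: stored as XML text in the PE resources. Decoding the file as
# Latin-1 keeps bytes 1:1 so the regex can find it (a UTF-16 manifest is missed).
$embeddedLevel = Get-RequestedExecutionLevel (
    [System.Text.Encoding]::GetEncoding(28591).GetString($bytes))

[pscustomobject]@{
    Machine          = Get-PeMachine $bytes
    ExternalManifest = Test-Path -LiteralPath $external
    ExternalLevel    = $externalLevel
    EmbeddedLevel    = $embeddedLevel
}
```

Any declared level, including asInvoker, marks the process as UAC-aware and turns virtualization off for it, and requireAdministrator always triggers the elevation prompt. 64-bit processes are never virtualized.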
        • flaxking

          @wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

          Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

          • JasGot

            Is UAC turned off? (Never Notify)

            • flaxking

              I forgot that you might also have to modify the date modified of the .exe before after you delete the manifest

              Set-ItemProperty -Path .\applicationname.exe -Name LastWriteTime -Value (Get-Date)

              • wrx7m @flaxking

                @flaxking said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                @wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

                Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

                There are manifest files, but for vc90, so Visual Studio runtimes. The UAC virtualization shows Not allowed for the process and subprocesses.

                • wrx7m @JasGot

                  @JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                  Is UAC turned off? (Never Notify)

                  UAC is on. I tried turning it off and it still prompts.

                  • wrx7m

                    I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

                    • JasGot @wrx7m

                      @wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                      I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

                      No. It should be system-wide. If you set it to never as admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

                      • wrx7m @JasGot

                        @JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                        @wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                        I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

                        No. It should be system-wide. If you set it to never as admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

                        I don't have it set in the GPO. I went in and checked it twice. Rebooted in between adjustments.

                        • flaxking @JasGot

                          @JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                          @wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                          I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

                          No. It should be system-wide. If you set it to never as admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

                          So much confidence.... but UAC prompt for standard users vs admin users are different settings

                          • flaxking @wrx7m

                            @wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                            @flaxking said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

                            @wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

                            Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

                            There are manifest files, but for vc90, so Visual Studio runtimes. The UAC virtualization shows Not allowed for the process and subprocesses.

                            Hmm, if they explicitly disabled it, it should show disabled. Maybe it's 64-bit?

                            • JasGot

                              Can you post the result of these two reg queries:

                              REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v ConsentPromptBehaviorAdmin
                              
                              REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v ConsentPromptBehaviorUser
                              
                              1 Reply Last reply Reply Quote 2
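Added example (not part of the original posts): reading the two values JasGot asks for and decoding them in PowerShell, together with three related values under the same key. Including EnableLUA, PromptOnSecureDesktop and EnableVirtualization is this example's choice, not something requested in the thread.

```powershell
# Added example, not from the thread: decode the UAC policy values.
$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

$settings = [ordered]@{
    EnableLUA = @{
        0 = 'UAC (Admin Approval Mode) disabled'
        1 = 'UAC (Admin Approval Mode) enabled'
    }
    ConsentPromptBehaviorAdmin = @{   # administrators in Admin Approval Mode
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }
    ConsentPromptBehaviorUser = @{    # standard users
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'
        3 = 'Prompt for credentials'
    }
    PromptOnSecureDesktop = @{
        0 = 'Prompt on the interactive desktop'
        1 = 'Prompt on the secure desktop'
    }
    EnableVirtualization = @{
        0 = 'File and registry write virtualization disabled'
        1 = 'File and registry write virtualization enabled'
    }
}

$policy = Get-ItemProperty -LiteralPath $key
foreach ($name in $settings.Keys) {
    $value = $policy.$name            # $null when the value is absent
    $map   = $settings[$name]
    $meaning = if ($null -eq $value) {
        'not set'
    } elseif ($map.ContainsKey([int]$value)) {
        $map[[int]$value]
    } else {
        'unrecognized value'
    }
    [pscustomobject]@{ Setting = $name; Value = $value; Meaning = $meaning }
}
```

ConsentPromptBehaviorAdmin governs administrators in Admin Approval Mode and ConsentPromptBehaviorUser governs standard users, so the two kinds of account can show different prompt levels on the same machine.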