Blog english Blog german Blog

Understand UAC permission and application administrator rights.

UAC and administrator privileges for a program can exactly set by understanding the UAC process in Windows.

Run a program as administrator and the UAC

There are a lot of reasons why to run an application as administrator in Windows.

  1. You have to install software, change Windows settings, monitor the system, configure a backup, install hardware driver, update applications or find an Error, then usually you need elevated privileges.
  2. Some programs don’t work without administrator rights or the software is written quick and dirty.
  3. Other applications need elevated rights only for some parts within the software.
  4. Maybe you are person who only need sometimes elevated rights to check something like a software developer or an IT manager.

In all cases you must be a member of the group administrators and the appropriate program needs elevated rights.
In spite of many reasons, there are only a few moments in a few applications you really need this rights.
Typically for your daily work you only need standard user rights, because no changes on the system settings are necessary.
Nevertheless a lot of users are working daily with an administrator account in order to call this programs and functions directly if they need it.
It is missing an option to give a specific program rights, like you can do it with a user account.
A user then doesn’t need administrator rights to call these programs with administrator rights, because the application itself has already that right.

Explanation User Access Control UAC

Work daily with an administrator account open attackers to manipulate the system.
Therefor Microsoft implements the User Access Control UAC to ask these administrators, if they really want to start that program, because it wants system rights.
The principle works, because since the beginning of the UAC all software developer must implement in their source code to ask the UAC for elevated rights if it is needed.
If the software developers don’t do it, there is no UAC warning dialog for the administrators, their program will not run with elevated administrator rights and a simple setup routine of their software doesn’t work.
It is still possible for the administrators of the computer systems to run this program with administrator privileges, but he must request explicit elevated privileges from the UAC for this software.
This is necessary if the developer of the software forgot to do this, the software is developed before the UAC, but in most cases it is necessary for applications you need the option to run it without and with administrator rights.
Best example is the command line cmd.exe or a batch file. Sometimes it needs elevated privileges for some commands in it but only in a few cases.
Therefor the cmd.exe or a batch file doesn’t request elevated rights and it is the job of an administrator to give it the rights if it is needed and not the job of the developer of the cmd.exe.
This point and other reasons make the UAC to a security instrument which is often misunderstanding. But a wrong understanding of security instrument is a security whole.

Security of UAC

A lot of users think they are save with an active UAC, even though they don’t know how it works.
More clear and save is to switch off the UAC and work with a standard user account instead to use an administrator account on an active UAC system.
The UAC would not be necessary, if users work with a standard user account as it is the default security setting in the 90s since Windows NT.
The user roles would be clearer and a user can only change system settings after he input the credentials of an administrator account.
This is more secure than only a warning dialog from the User access control UAC.
Too much warning make the user’s blind, they ignore the warning and click forward because they do not become active at this point.
Because of that annoying warning message a lot of users disabled the UAC complete, therefore Microsoft loosen the strict User Access Control rules and implements different warning and security levels of the UAC.
But this makes the UAC even more unsecure, complicated, unclear, and the result is a lot of misunderstanding and a vulnerable system.
Turn off the UAC and work with a standard user account is safer, you don’t need administrator right very often.
Look at an android smartphone, Mr. Google is the administrator of the operating system, how often is Mr. Google needed there?
By the way Microsoft goes the same way with its Microsoft account as Google and wants to be the administrator of all windows installations.

Bypass UAC

Normally the User access control can’t bypass directly. If it would be possible to bypass the UAC, each malware could use it for an attack and the UAC has no longer any sense. An outcry from all security experts, that fundamental component of Microsoft's overall security vision is dead. But there are some options the administrator of the system can bypass the UAC

  1. Disable the User Access Control in the system settings
  2. Change individual Settings of the UAC in the group policy editor gpedit.msc Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options
  3. Use third party tools like RunAsRob to set individual application rights
  4. Activate and use the predefined account Administrator. This account ignores an active UAC and bypass it.
There are ways for a hacker to bypass the UAC I don’t want to write a tutorial. But I can say it is not a directly security hole of the UAC. These attacks need an active help from the administrator of the system or a vulnerability of other installed software on the system.

Administrator is not an administrator

On a system without UAC the differences are clear. A standard User logs on with a standard user access token, has limited rights and can’t change system settings. An Administrator logs on with an administrator access token, work with elevated rights to configure the system.

On a system with an active UAC is the differences complicated and not clear anymore, because an administrator logs on with a standard user access token and an administrator access token which is not active. Three conditions must be met to be an administrator

  1. The account must be a member from the local group administrators.
  2. The started application must request elevated privileges or the user account must request elevated privileges for the program.
  3. The user must confirm the appeared UAC Warning message, that application needs system rights.
Microsoft Link UAC >>>

Contact:

For any suggestions, errors, questions, specific requirements or adjustments please contact:
runas@robotronic.de

Licence:

RunasRob is only free for private use.
For companies and other organisations we deliver a licensed version, registered to the organisation name.
Order RunasRob >>>
Download RunasRob >>>

Date: 2022-01-14
Data protection
Imprint