Score:0

How does Windows establish whether an application makes changes to the device?


For applications that trigger the UAC ("Do you want to allow this app to make changes to your device" dialog), which are the characteristics that are detected by Windows in order to decide to trigger UAC? Consider that "Run this program as an administrator" is disabled in the Compatibility tab of the executable/shortcut properties. Does Windows detect particular data/metadata inside the executable file? Does Windows keep metadata about different applications, differentiating between apps that may "make changes to the device" and apps that don't?

Score:2

> which are the characteristics that are detected by Windows in order to decide to trigger UAC

Attempting to access a resource that the account's standard user token does not have permission to access.

https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works

"When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token is used to start apps that do not perform administrative tasks (standard user apps). The standard user access token is then used to display the desktop (explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token."

matpop avatar
vn flag
Thank you for the documentation link. My problem is to understand what actually triggers all the UAC process. From what you point out, it seems that everything happens dynamically, i.e. the application is launched, the application attempts to access a resource that needs administrative privileges to be accessed, the UAC kicks in. But the problem is, somehow the app icon already has the Windows "security shield" mark on it! And it seems to be there even if I never launched the application yet. It seems Windows already "knows" (statically) that the application may access reserved resources.
cn flag
It could be in the manifest of the target executable. Developers can specify if the application requires administrator requestedPrivileges/requestedExecutionLevel.
matpop avatar
vn flag
nope... it has the `asInvoker` option
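
The manifest check discussed in the comments above, as an added example that is not part of the original thread: it reads the `requestedExecutionLevel` an executable declares in its embedded manifest. It assumes the manifest is stored as plain text in the file and finds it by scanning bytes rather than walking the PE resource directory; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Matches an embedded manifest, with or without a namespace prefix on <assembly>.
MANIFEST_RE = re.compile(rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly\s*>", re.DOTALL)

# Constructed sample: a few header-like bytes followed by a minimal manifest.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16 +
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
    b'<requestedPrivileges>'
    b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'
    b'</requestedPrivileges></security></trustInfo></assembly>\x00\xff'
)

def requested_execution_level(pe_bytes):
    """Return (level, uiAccess) from the first manifest that declares
    requestedExecutionLevel, or None if no manifest declares one."""
    for match in MANIFEST_RE.finditer(pe_bytes):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # byte run looked like a manifest but is not well-formed XML
        for elem in root.iter():
            # Compare local names only: trustInfo appears under asm.v2 or asm.v3.
            if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                return elem.get("level"), elem.get("uiAccess", "false")
    return None

def describe(level):
    """Map a manifest level to the launch behaviour it requests."""
    return {
        "asInvoker": "runs with the caller's token; the manifest requests no elevation",
        "highestAvailable": "requests the highest privileges the user can obtain",
        "requireAdministrator": "always requests an administrator token",
    }.get(level, "no requestedExecutionLevel declared in the manifest")

if __name__ == "__main__":
    # Pass a path to inspect a real file; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = requested_execution_level(data)
    level = result[0] if result else None
    print(f"level={level!r}: {describe(level)}")
```
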