So I made this _awesome_ application in ThinBasic that auto-updates firmware of an embedded board I designed (The EiBotBoard) and it works just great. I'm super happy with ThinBasic.

I bundle the TB program up as an exe for my users to download and run to update the EBB boards with new firmware. But when you run the app, the User Account Control dialog box comes up asking if you want to allow this application to make changes to your PC.

Normal application obviously don't have that (unless they do something like modify drivers or stuff like that, which my program does NOT do). How can I remove that from my bundled application? What is the 'trigger' to Windows to tell Windows that it should bring up that dialog box? I have to use the OS_Shell() call in my app - is that what Windows is looking at to know if the UAC should be used?

Thanks!

*Brian

Hi Brian,

we are very happy you find thinBasic useful! To be able to to analyze the issue you are observing better, information regarding operating system where you observe the behavior would be helpful.


Petr

Petr-

My apologies - of course that would be helpful! I completely forgot.

OK, so I've run this app on Windows 7, Windows 8.1, and Windows 10, all of them 64 bit versions and all with the latest updates from Windows Update.

I get identical behavior (UAC dialog : "Do you want to allow the following program from an unknown publisher to make changes to this computer?") on all three OSes.

*Brian

Hi Brian,

thanks for reporting. It is an area I didn't investigate so far.
some info can be found here https://msdn.microsoft.com/en-us/library/aa905330.aspx
I will check what I can do.

eros

Hi Brian
i think it is not possible to disable user account control from outside exe file since it is a security feature for win7/8/10. i always get this message "Do you want to allow the following program from an unknown publisher to make changes to this computer?" when running most exes on these systems. usually i use windows xp/32 installed in i5 desktop pc, there is another win7/64bit installed in partition 2 of this desktop pc.
i suggest to disable UAC on the computers running your exe ( if it is dedicated for long time usages of your exe else it is not advised)
google suggest to disable uac:

Here is one of two ways to turn off UAC in Windows 7:
Access User Control Panel from. Start Menu. Control Panel. User Accounts and Family Safety. User Account.
Click on User Account Control settings link.
Move the Slider to Never Notify.
Click OK to make the change effective.
Reboot.
Disabling UAC on Windows 7? - Super User
superuser.com/questions/83677/disabling-uac-on-windows-7

there another way to access easily all win7 features: is to use what they call god mode
To turn on God Mode, create a new folder on your desktop--or anywhere you'd like--and name it: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} The resulting folder will contain 270 items, representing virtually every configurable option in Windows 7, including accessing UAC

Brian,

is it possible to have a copy of your executable in order to test its execution here and see what's going on?

Thanks
Eros

Brian,

is it possible to have a copy of your executable in order to test its execution here and see what's going on?

Thanks
Eros

Absolutely! You can see the final .exe file as well as the source here : https://github.com/evil-mad/EggBot/tree/master/EBB_firmware/EBBUpdater

Let me know if you have trouble downloading it or anything.

*Brian

Under Windows 10 it seems that creating a Shortcut to your Exe then going to shortcut Properties/Advanced it is possible to check "Run as Administrator"
This remove the UAC dialog.

Still not understood why UAC comes out for this Bundled Exe.
I'm studying ...

Is it possibly something to do with the machine that I created the .exe bundle on?

What happens if you take the TB source and bundle it on your machine - does your created .exe bring up the UAC?

(note if you run the .exe in a directory that already has the two included files, they will be deleted after the run, and then when you try to make the bundle again you won't be able to. So move the .exe out of that directory before trying to run it.)

*Brian

I think part of the problem is that the .EXE is downloaded from a web page.
And I think it is the same if the .EXE comes from a mail or a .ZIP inside a mail.

If the .EXE comes from a Setup, it should be ok.
I will make some tests in the week-end.

I think part of the problem is that the .EXE is downloaded from a web page.
And I think it is the same if the .EXE comes from a mail or a .ZIP inside a mail.

If the .EXE comes from a Setup, it should be ok.
I will make some tests in the week-end.

Eros,

I'm certain that is not the case for a couple reasons. The main one is that when I built the bundle, I just ran it locally - never uploaded it to GitHub - and it immediately produced the UAC. I do agree with you that Windows SmartScreen (Windows 8/10) will keep track of applications downloaded from websites and present different (Not UAC) warnings to users based on if the app is deemed unsafe or not.

One thing I'm curious about is in the ThinBasic_Bundle_UI window, Version Info tab, there is a "Application Key:" Field. Where does that number come from? Is it generated randomly each time you bundle, or is it generated once for each unique .tbasic source file? I wonder if Windows tracks application permissions by that Application Key or something in some way.

Have you been able to create a bundle from the .tbasic source code? Did it give you the UAC window when you ran the exe?

Thanks so much for looking into this - I know this isn't the most important thing for TB, so don't stress about finding an answer. It's more of just a support thing - people running the program will ask me why the UAC comes up, and if I can get it to go away they won't ever ask why it's there. :-)

*Brian

OK, I completely figured it out, and you're NOT going to believe what it is.

Are you sitting down?

It's the filename.

Yup. If you have the word "update" in the name of any .exe file, it will bring up UAC when you run it.

All you have to do to prevent this is simply change one letter in the filename - say EBBUdaterGUI_v243.exe - and it will then run without the UAC dialog.

So far I've only tested this on Windows 7, but I'll bet the same thing happens on Windows 10 and 8 as well.

It has nothing to do with the .exe file itself. Just the filename. Oh Windows. You're trying to be so clever, and yet you fail so hard.

Anyway, that was a lot of work for something so silly.

*Brian

And, now that I know what to search for ("What filenames trigger UAC"), I see the full answer:

http://stackoverflow.com/questions/20096706/how-does-windows-decide-whether-to-display-the-uac-prompt

That is very interesting. I assume there's no way to create any sort of "manifest" XML file to be used when compiling a bundle EXE, right?

*Brian

Brian,

there is a trick when you can put the file following name convention "yourprogramname.exe.manifest" next to the EXE file, and that should do the trick.

The systematic way is to put that file to EXE "resources". This is something which could be investigated on our side and I will now put some time to investigate how this can be achieved.


Petr

Petr,

Very cool!! I will check that out (first I have to learn more about what you can put in a manifest file). Thanks for the tip-

*Brian

Petr,

I could not get the .exe.manifest method to work.

Is the bundle process supposed look for a yourprogramname.exe.manifest and include it in the resulting .exe?

*Brian

Hi Brian,

with Microsoft Windows SDK, you get access to mt.exe tool, which allows to embed the manifest to EXE file. I tried it, it works, but... we don't want thinbasic users to depend on this third party dependency.
I think the proper way would be to offer the user, during bundle process, to embed some files to resources (for example manifest).

What do you think, Eros?


Petr

P.S. The Microsoft Windows SDK way works with bundled files, I tried it, but it is too much bloat for thinBasic coders. We will make it easy...

Petr, It looks like windows 10 SDK has renamed the tool as mage.exe (mageui.exe) unless I am mistaken.

C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.6.2 Tools

Mike C.

Dear Brian,

I've made some changes to bundling application hopefully should solve the problem.
I've changed the manifest file that is included into bundled exe adding e new node into xml file that should say to the OS about security.
I've followed indications here https://msdn.microsoft.com/en-us/library/bb756929.aspx using "requestedExecutionLevel" "asInvoker"

I attach new version of ThinBasic_Bundle_UI.exe
Please substitute the one you have into \thinBasic\thinAir\

Let me k now if it works.

Ciao
Eros