Windows 10 - Application Incorrectly Requiring Admin Creds to Run

wrx7m

I am guessing it is because if this-

wrx7m

There are other C:\Windows directories too. This doesn't make any sense to give access to those directories. I think I am going to have to use the ACT and whitelist the app. Although, I am guessing that there are going to be a lot of other files that I will need to hit.

JaredBusch

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

crappy security camera software

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

There are other C:\Windows directories too

Yup, definitely crappy software.

wrx7m

@JaredBusch This system is on the shortlist of shit I want to replace years ago. With 25+ cameras, installed it ain't cheap to replace.

Dashrender

Wasn't there supposed to be some type of virtual directory system and virtual registry to allow shitty applications like this to write to what they believed where these locations without actually compromising the system? Or am I smoking crack? or was it talked about, but was really only vaporware.

wrx7m

I tried the ACT with every exe in the folder. It still prompts for admin creds. POS. Aside from getting rid of the camera system completely, the only option is to give the user a local admin account and have them use it to run this program. SMH

This app doesn't do camera polling (cycling through cameras automatically) and the owner likes that. The older app that has polling doesn't even work on Windows 10. Maybe we will get a new camera system sooner than later.

IRJ

This is a great tool for analyzing smaller software packages under 100MB

https://www.hybrid-analysis.com/

flaxking

@Dashrender said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

Wasn't there supposed to be some type of virtual directory system and virtual registry to allow shitty applications like this to write to what they believed where these locations without actually compromising the system? Or am I smoking crack? or was it talked about, but was really only vaporware.

the Virtual Store. In Task Manager in Details there's a UAC virtualization column that will tell you if it is active or not. It's possible they've created a manifest file to disable it and prompt for admin credentials. If they've left it as a file it can be edited, if they've compiled it with the application I'm not sure if creating a manifest file would overwrite it or not

flaxking

@wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

JasGot

Is UAC turned off? (Never Notify)

flaxking

I forgot that you might also have to modify the date modified of the .exe before after you delete the manifest

Set-ItemProperty applicationame.exe LastWriteTime (Get-Date)

wrx7m

@flaxking said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

@wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

There are manifest files, but for vc90, so visual studio runtimes. The UAC virtualization shows Not allowed for the process and sub processes.

wrx7m

@JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

Is UAC turned off? (Never Notify)

UAC is on. I tried turning it off and it still prompts.

wrx7m

I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

JasGot

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

No. It should be system wide. If you set it to never ad admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

wrx7m

@JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

No. It should be system wide. If you set it to never ad admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

I don't have it set in the GPO. I went in and checked it twice. Rebooted in between adjustments.

flaxking

@JasGot said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

I just tried modifying UAC again to never notify. When I go into UAC as my admin account, it is set to never notify. If I go into UAC as the user, it shows as the one just below the top. How does that make sense?

No. It should be system wide. If you set it to never ad admin, it should be never for everyone. Is it on a domain? Is there a GPO stepping on you when logged in as a user?

So much confidence.... but UAC prompt for standard users vs admin users are different settings

flaxking

@wrx7m said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

@flaxking said in Windows 10 - Application Incorrectly Requiring Admin Creds to Run:

@wrx7m check for an applicationname.exe.manifest file in the same directory as the exe. If it's there, rename it and the application might not request admin permissions and enable the virtual store.

Note, the virtual store for a user doesn't seem to ever update. So if you do a program update, any file that gets updated that had to be transferred to the virtual store will not get updated for that user.

There are manifest files, but for vc90, so visual studio runtimes. The UAC virtualization shows Not allowed for the process and sub processes.

Hmm, if they explicitly disabled it it should show disabled. Maybe it's 64bit?

JasGot

Can you post the result of these two reg queries:

REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v ConsentPromptBehaviorAdmin

REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ /v ConsentPromptBehaviorUser