{"id":94735,"date":"2016-11-17T07:00:00","date_gmt":"2016-11-17T22:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=94735"},"modified":"2020-09-07T07:11:29","modified_gmt":"2020-09-07T14:11:29","slug":"20161117-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20161117-00\/?p=94735","title":{"rendered":"Is RunAsInvoker a secret, even higher UAC setting?"},"content":{"rendered":"<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">The comments in this oldnewthing article reveal a secret, even higher UAC setting: RunAsInvoker <a href=\"https:\/\/t.co\/tTajZx6FlR\">https:\/\/t.co\/tTajZx6FlR<\/a><\/p>\n<p>\u2014 Vincent Povirk (@madewokherd) <a href=\"https:\/\/twitter.com\/madewokherd\/status\/766127811589312512\"> August 18, 2016<\/a><\/p><\/blockquote>\n<p>Actually, <code>RunAsInvoker<\/code> is a secret, even <i>lower<\/i> UAC setting.<\/p>\n<p>What <code>RunAsInvoker<\/code> does is to ignore any elevation request in the application&#8217;s manifest and treat the manifest as if it had said<\/p>\n<pre>&lt;requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\" \/&gt;\r\n<\/pre>\n<p>which is the default behavior. The program simply runs with the same privileges as the code that launched it. There is no attempt to elevate.<\/p>\n<p>This means that if you run the program from an elevated command prompt, then the program stays elevated. If you run the program from a non-elevated command prompt, then the program stays non-elevated.<\/p>\n<p>Try it. Make sure RegEdit is not already running, then open a non-elevated command prompt and set <code>__COMPAT_LAYER=RunAsInvoker<\/code>, and then run <code>regedit<\/code> from that command prompt. The resulting copy of RegEdit is running without administrator privileges. 
You can see this by trying to edit something in HKLM.<\/p>\n<p>While it&#8217;s true that <code>RunAsInvoker<\/code> suppresses UAC prompts, that&#8217;s true because <code>RunAsInvoker<\/code> doesn&#8217;t perform any elevation. If you aren&#8217;t performing any elevation, then naturally you don&#8217;t need an elevation prompt. If the resulting process is elevated, then it means that the calling process was already elevated. You were already on the other side of the airtight hatchway.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Actually, it&#8217;s a secret even lower UAC setting.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-94735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"<p>Actually, it&#8217;s a secret even lower UAC 
setting.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/94735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=94735"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/94735\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=94735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=94735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=94735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}