uac script/help

This topic contains 5 replies, has 3 voices, and was last updated by Profile photo of ohlssrog ohlssrog 6 months, 1 week ago.

  • Author
    Posts
  • #41177
    Profile photo of ohlssrog
    ohlssrog
    Participant

    Hi.

    I create a topic in help section but i think this is the correct forum

    We have a problem here with UAC GPO in our windows 2003 Domain. As conference applikation we use Cisco's Webex and have it integrate in MS Outlook 2010, after user create a login to webex url and startup outlook this webex outlook plugin wants to upgrade to newer version. User get an popup window and been ask to upgrade now or later. If they click upgrade Windows starts the UAC policy and wants administrator accouint/rights for run this. Clients are not local administrator and running Windows 7 Enterprise SP1. The exe file that starts with the webex plugini upgrade is c:\Program Files (x86)\Webex\Productivity tools\ptupdate.exe. if i disable uac login as standard user and run the upgrade it acan be installed so there is no need for administrator rights. Is where anyway this can be solved with a ps script that can disable the uac when this exe file is running or make uac make an exception for this exe file?

    I have tried every solution with a shourtcut and schedule task and MS comp. application tool with sdb file

    i just found a site , they have solve their problem with uac with a ps script that

    "PowerShell script that does the registering of accounts running as SYSTEM and interacting with the desktop with a modified script linked to somewhere above and also I've made an unregister script during the login process "

    https://www.autoitscript.com/forum/topic/147507-run-as-elevated-admin-from-standard-user-account/

    • This topic was modified 6 months, 1 week ago by Profile photo of ohlssrog ohlssrog.
    • This topic was modified 6 months, 1 week ago by Profile photo of ohlssrog ohlssrog.
    • This topic was modified 6 months, 1 week ago by Profile photo of ohlssrog ohlssrog.
  • #41182
    Profile photo of ohlssrog
    ohlssrog
    Participant

    the url solution with the run as service, does that solution apply to all files so its same as diable the uac on the client?

  • #41226
    Profile photo of Justin King
    Justin King
    Participant

    So to be clear what's happening is simply lazy programming. Not by you, but by whoever compiled that Outlook plugin. If the program doesn't need admin rights, but you get the UAC pop-up, it's because the installer manifest has the attribute flagged. As such, there are a few ways around this, but not all of them are pretty.

    1. The script you've linked simply runs programs under a different context such as system or a supplied service account. So you can setup your script to run under a new context.

    2. You can edit the exe directly and change the attribute so it no longer requests admin permissions. you can use ORCA for this, but backup and test carefully. In this case you likely then want to push the patch in a controlled manner as well. Oh and the you may get checksum warnings depending on how the installer was written.

    3. Download the latest ADK which includes a tool called ACT (Application Compatibility Tool). With this you can create compatibility manifests for different programs to allow they to "play nicely" with Windows. You can then share the db and use a script to push it to your workstations.

    Again, I don't find any of the above particularly "elegant", but this comes down to being at the mercy of lazy programming.

    • This reply was modified 6 months, 1 week ago by Profile photo of Justin King Justin King.
  • #41348
    Profile photo of ohlssrog
    ohlssrog
    Participant

    Hi Thanks for reply.

    I have already test the ACT (Application Compatibility Tool) way and set value runasinvoke, but it doesn't help. Still get the uac admin popup.

    So where is no way to let PS solve this?

  • #41390
    Profile photo of Jack Neff
    Jack Neff
    Participant

    Short answer: No, PS won't fix this for you. You could potentially package a script to allow users to run a particular install under admin context but that's pretty wonky. There's also a tool out there called "CPAU" although I don't recommend it.

    Do you have a system for software deployment like SCCM? If not, you can distribute software via GPO as well. If this were me I would distribute the latest Webex plugin to all systems preemptively. Then create a GPO that suppresses the Webex "upgrade" pop-up so that I control what version is on the systems. We do this now with applications like Java and Adobe products.

  • #41611
    Profile photo of ohlssrog
    ohlssrog
    Participant

    Problem is that the main program is installed through our sccm and after user create a account in the webex tool program against webex with a url and restart outlook the ptupdate.exe starts on the client and the plugin download the upgrade from this added url and want to install it. There is no upgrade package to deploy with a gpo.

    Webex tool dont download any upgrade if there is no account added in the outlook plugin.

    • This reply was modified 6 months, 1 week ago by Profile photo of ohlssrog ohlssrog.

You must be logged in to reply to this topic.