Wednesday 20 July 2011

Bypass UAC, Based on Windows OS Version and setting up Environment Variable using VBS

What is UAC

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows7. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges.
 1.) Problem in changing file in Windows directory when UAC is Active

Windows Vista/7 does not allow to change any file C:\Windows folder or setting up and environment variable through VBS(VB Script), if UAC(User Account Control) is active.

Suppose i have one file (saplogon.ini) in C:\Windows\ folder.  And I want to edit that ini file and UAC is on. Then if you want to change that particular file, it will not pick that changed file from C:\Windows\ folder. 

Reason for the same is, in this case the file i.e (C:\Windows\saplogon.ini) can neither be overwritten nor reloaded. Because when UAC is ON, While changing file from Windows folder, it create a copy of that file.
The copied file %USERPROFILE%\AppData\Local\VirtualStore\Windows\saplogon.ini will be always used by Windows 7 OS.

Note: .ini File basically used as Configuration file. which some time require manual changes.
 
What is Environment Variable

Environment variables are a set of dynamic named values that can affect the way of running application or Operating System.

2.) Problem with setting EV using script when UAC is Active

When UAC is Active, you can not run any script which will not have administrative privilege. And script will stop with an error after execution. Means It will not allow to run script if you don't have administrative privilege.

Solution of above two problem.
  1. Turn off UAC using Administrative privileges manually.
  2. Writing VBS (VB Script) which will run as Administrator.   
Here I will talk about second option. Through which you can set an environment variable using VB Script. This will automate the whole process.

Here is the piece of code for the with reference to second Solution of above two problem.    

**Note: Just Copy and Paste this below code in notepad and saved it as .vbs file(like SetEnvironmentVar.vbs). You can attach this script with any setup file.

Set objWshShell = WScript.CreateObject("WScript.Shell")
strOSVersion    = objWshShell.RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion")


'Checking the OS version as in Windows XP or lower version there is no UAC

If strOSVersion >= "6.0" Then
 MsgBox "System is Vista or Windows 7"
 If WScript.Arguments.length =0 Then
  Set objShell = CreateObject("Shell.Application")
  'Bypass the annoying UAC(User Account Control)
  objShell.ShellExecute "wscript.exe", Chr(34) & _
  WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
 End If
Else
 MsgBox "System is windows XP or lower Version"
End If
'Here you can write your own code to replace the "C:\windows\xyz.ini file
Set WshEnv = objWshShell.Environment("SYSTEM")
WshEnv("SAPLOGON_INI_FILE") = "c:\saplogon\saplogon.ini"