I am writing a remote desktop software similar to VNC and wanted to capture UAC prompts by leveraging functionalities given by UIAccess permission and Security policies.
Theory:
As per below given MSDN blogs, you need to set "Security Settings\Local Policies\Security Options\Allow UIAccess applications to prompt for elevation without using the secure desktop" property to "Enabled" in order to allow applications with 'UIAccess' permission to make the 'UAC prompt' to be displayed on user interactive desktop instead of secure desktop.
https://blogs.msdn.microsoft.com/asklar/2012/03/14/remote-assistance-and-uac-prompts/
Observation: I wrote a program with the below given code.
staticvoidMain(){System.Diagnostics.Process p =newSystem.Diagnostics.Process();
p.StartInfo.UseShellExecute=true;
p.StartInfo.FileName="cmd.exe";
p.StartInfo.Verb="runas";
p.Start();}Then I added the following to app.manifest
<requestedExecutionLevellevel="asInvoker"uiAccess="true"/>Then I self signed the application as per the MSDN forum instructions.
Then I manually copied the program to a subfolder in Program Files (x86) folder.
Then I enabled "Allow UIAccess applications to prompt for elevation without using the secure desktop" security policty.
When I run the program (in the same system where i generated certificate), I expected the UAC prompt to be shown in user's interactive desktop. But it is still running in 'secure desktop' even though the application invoked it has UIAccess permission.
What might have went wrong?