27 June, 2012

How to detect whether UAC is enabled

There are at least three ways to detect whether UAC (User Account Control) is active:

  • Check the registry value EnableLUA under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. There is one problem, however: the value can be changed at any time, but the OS won't use the new value until the computer reboots. So this approach is possible, but it isn't reliable.
  • Call GetTokenInformation() with TokenElevationType and TokenElevation. This doesn't work in all situations: it's impossible to detect UAC when the application runs as a conventional user (TokenElevationType returns TokenElevationTypeDefault and TokenElevation returns FALSE).
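  • Call a private API function (valid only for Windows Vista and later):
    #include <windows.h>
    #include <winternl.h>   // NTSTATUS
    
    // Link against ntdll.lib from the WDK, which contains the function.
    #pragma comment(lib, "ntdll.lib")
    
    // Bits returned in *pFlags.
    #define ELEVATION_UAC_ENABLED                 0x1
    #define ELEVATION_VIRTUALIZATION_ENABLED      0x2
    #define ELEVATION_INSTALLER_DETECTION_ENABLED 0x4
    
    // No header declares this function, so it is declared by hand.
    extern "C"
    NTSTATUS
    NTAPI
    RtlQueryElevationFlags(
            DWORD* pFlags);
    
    Unfortunately, the Windows Driver Kit (WDK) contains no declaration of this function, but ntdll.lib from the WDK does contain it.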
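
The first and third approaches can be compared side by side on a live machine. The following PowerShell script is an added example, not code from the original post: it reads the EnableLUA value, calls RtlQueryElevationFlags through P/Invoke (resolved from ntdll.dll at run time, so no import library is needed), and reports whether the registry agrees with the running state. The names UacCheck.Native and Get-UacState are hypothetical, chosen for this illustration.

```powershell
# Added example (not from the original post). UacCheck.Native and Get-UacState
# are hypothetical names chosen for this illustration.
Add-Type -Namespace UacCheck -Name Native -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int RtlQueryElevationFlags(out uint pFlags);
'@

function Get-UacState {
    # Configured state: the policy value, which can be changed at any time.
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $configured = (Get-ItemProperty -Path $key -Name EnableLUA `
                   -ErrorAction SilentlyContinue).EnableLUA

    # Running state: the flags the OS is using right now.
    [uint32]$flags = 0
    $status = [UacCheck.Native]::RtlQueryElevationFlags([ref]$flags)
    if ($status -lt 0) {
        throw ('RtlQueryElevationFlags failed, NTSTATUS 0x{0:X8}' -f $status)
    }
    $running = [bool]($flags -band 0x1)   # ELEVATION_UAC_ENABLED

    # Compare only when the registry value exists; otherwise leave it unknown.
    $match = $null
    if ($null -ne $configured) {
        $match = ([bool]$configured -eq $running)
    }

    [pscustomobject]@{
        RegistryEnableLUA         = $configured   # $null if the value is absent
        UacEnabled                = $running
        VirtualizationEnabled     = [bool]($flags -band 0x2)
        InstallerDetectionEnabled = [bool]($flags -band 0x4)
        # $false: the registry value differs from what the running system uses,
        # i.e. it was changed and the computer has not been rebooted since.
        RegistryMatchesRunning    = $match
    }
}

Get-UacState
```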
