27 June, 2012

How to detect is UAC enabled or not?

There are at least three ways to detect UAC (User Access Control) is active or not:

  • Check the registry value EnableLUA at HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. However, there is the one problem: the value can be changed at any time, but it won't be used by OS until the computer reboot. So, this way is possible, but it isn't good.
  • Call GetTokenInformation() with TokenElevationType and TokenElevation. It doesn't work in all situations. It's impossible to detect UAC when an application runs under conventional user (TokenElevationType returns TokenElevationTypeDefault and TokenElevation returns FALSE).
  • Call private API method (valid only for Windows Vista and later):
    #pragma comment(lib, "ntdll.lib")
    #define ELEVATION_UAC_ENABLED                 0x1
    extern "C"
            DWORD* pFlags);
    Unfortunately, there is no declaration of this method in Windows Driver Kit (WDK), but ntdll.lib from WDK contains it.

No comments: