Short: Windows 7 Release Candidate auto-elevate white list
Back in February, I posted a list of applications that have the authority to automatically elevate without a prompt in Windows 7. The list has been getting shorter over the months, and the Release Candidate build has the shortest one yet, at only 62 entries.
Notably missing (a good thing) are rundll32.exe and mmc.exe.
- \Windows\ehome\Mcx2Prov.exe
- \Windows\System32\AdapterTroubleshooter.exe
- \Windows\System32\BitLockerWizardElev.exe
- \Windows\System32\bthudtask.exe
- \Windows\System32\chkntfs.exe
- \Windows\System32\cleanmgr.exe
- \Windows\System32\cliconfg.exe
- \Windows\System32\CompMgmtLauncher.exe
- \Windows\System32\ComputerDefaults.exe
- \Windows\System32\dccw.exe
- \Windows\System32\dcomcnfg.exe
- \Windows\System32\DeviceEject.exe
- \Windows\System32\DeviceProperties.exe
- \Windows\System32\dfrgui.exe
- \Windows\System32\djoin.exe
- \Windows\System32\eudcedit.exe
- \Windows\System32\eventvwr.exe
- \Windows\System32\FXSUNATD.exe
- \Windows\System32\hdwwiz.exe
- \Windows\System32\ieUnatt.exe
- \Windows\System32\iscsicli.exe
- \Windows\System32\iscsicpl.exe
- \Windows\System32\lpksetup.exe
- \Windows\System32\MdSched.exe
- \Windows\System32\msconfig.exe
- \Windows\System32\msdt.exe
- \Windows\System32\msra.exe
- \Windows\System32\MultiDigiMon.exe
- \Windows\System32\Netplwiz.exe
- \Windows\System32\newdev.exe
- \Windows\System32\ntprint.exe
- \Windows\System32\ocsetup.exe
- \Windows\System32\odbcad32.exe
- \Windows\System32\OptionalFeatures.exe
- \Windows\System32\perfmon.exe
- \Windows\System32\printui.exe
- \Windows\System32\rdpshell.exe
- \Windows\System32\recdisc.exe
- \Windows\System32\rrinstaller.exe
- \Windows\System32\rstrui.exe
- \Windows\System32\sdbinst.exe
- \Windows\System32\sdclt.exe
- \Windows\System32\shrpubw.exe
- \Windows\System32\slui.exe
- \Windows\System32\SndVol.exe
- \Windows\System32\spinstall.exe
- \Windows\System32\SystemPropertiesAdvanced.exe
- \Windows\System32\SystemPropertiesComputerName.exe
- \Windows\System32\SystemPropertiesDataExecutionPrevention.exe
- \Windows\System32\SystemPropertiesHardware.exe
- \Windows\System32\SystemPropertiesPerformance.exe
- \Windows\System32\SystemPropertiesProtection.exe
- \Windows\System32\SystemPropertiesRemote.exe
- \Windows\System32\taskmgr.exe
- \Windows\System32\tcmsetup.exe
- \Windows\System32\TpmInit.exe
- \Windows\System32\verifier.exe
- \Windows\System32\wisptis.exe
- \Windows\System32\wusa.exe
- \Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_65c949576945c2a9\fsquirt.exe
- \Windows\System32\oobe\setupsqm.exe
- \Windows\System32\sysprep\sysprep.exe

I checked in the RC and my code injection thing ( http://www.pretentiousname.com/misc/win7_uac_whitelist2.html ) still works so anything that wants to silently elevate under the default Win7 UAC settings still can.
I noticed that \Windows\System32\sdbinst.exe is still on the list, and that was one of those that the list for build 7000 marked as “interesting from an elevate my own code standpoint”.
By default the user is in the Administrators and HomeUsers groups. Does this injection still work if I remove the user from the Administrators group and add him to the Users group (I will use a local Admin. account for admin. tasks)? After this change UAC asks me for the Administrator password every time it needs to elevate. And nothing seems broken.
@Vitaliy:
The injection stuff only works if you’re running in admin-approval mode. If you’re doing over-the-shoulder elevation then nothing can silently create elevated “blessed” MS COM objects, not even Microsoft’s “blessed” executables like Explorer.exe, MSPaint.exe, Calc.exe, etc. Nothing can silently elevate at all. Same as if you turn UAC up to the always-prompt level, which gets you back to what was the default in Vista.
Switching to standard user accounts and over-the-shoulder elevation cannot be what Microsoft seriously expect people to do, though.
By adding silent elevation methods for their own code MS are acknowledging that Vista’s admin-approval UAC prompts were too annoying for too many users. (IMO, most of that annoyance was really due to the way Explorer etc. trigger far too many prompts, not the prompts themselves, but MS have chosen to give themselves a dodgy backdoor rather than refactor their code like everyone else is expected to, which is pathetic.)
Over-the-shoulder elevation is even more annoying than admin-approval mode, since you have to keep typing passwords instead of simply clicking buttons, so it’s hard to imagine MS seriously expect people to switch to that.
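The distinction drawn in the comment above (admin-approval mode at the default level versus always-prompt or over-the-shoulder elevation) can be checked on a given machine. This is an added example, not part of the original post or its comments; the registry value names and the defaults assumed for missing values are Microsoft's documented UAC policy settings, not something stated on this page.

```powershell
# Added example: report whether this session is in the configuration where
# whitelisted Windows binaries elevate silently (admin-approval mode, default level).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# Assumption: a missing value is treated as the documented Windows 7 default.
function Get-PolicyValue([string]$Name, [int]$Default) {
    $v = $pol.$Name
    if ($null -eq $v) { return $Default }
    return [int]$v
}

$enableLua   = Get-PolicyValue 'EnableLUA' 1
$adminPrompt = Get-PolicyValue 'ConsentPromptBehaviorAdmin' 5
$userPrompt  = Get-PolicyValue 'ConsentPromptBehaviorUser' 3

# The Administrators SID (S-1-5-32-544) is listed in the token even when UAC has
# filtered it to deny-only, so its presence means "admin account", elevated or not.
$inAdmins = [bool]((whoami /groups) -match 'S-1-5-32-544')

$adminMeaning = @{
    0 = 'elevate without prompting'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries (Windows 7 default)'
}

if ($enableLua -eq 0) {
    $verdict = 'UAC is disabled (EnableLUA=0): administrators run with a full token and nothing prompts.'
} elseif (-not $inAdmins) {
    $verdict = 'Standard user: over-the-shoulder elevation, nothing elevates silently.'
    if ($userPrompt -eq 0) { $verdict += ' Elevation requests are denied automatically.' }
} elseif ($adminPrompt -eq 5) {
    $verdict = 'Admin-approval mode, default level: whitelisted Windows binaries elevate without a prompt.'
} elseif ($adminPrompt -eq 0) {
    $verdict = 'Admin-approval mode with prompting turned off: every elevation request is silent.'
} else {
    $verdict = 'Admin-approval mode, always prompt: no silent elevation.'
}

"EnableLUA=$enableLua  ConsentPromptBehaviorAdmin=$adminPrompt ($($adminMeaning[$adminPrompt]))"
"ConsentPromptBehaviorUser=$userPrompt  MemberOfAdministrators=$inAdmins"
$verdict
```

It only reads policy values and the current token, so it runs without elevation and works with the PowerShell 2.0 that ships with Windows 7.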
@ Leo
You have indeed raised a problem. I thought the Microsoft guys had already taken care of that problem.
I like how msconfig is also there, allowing 3rd party software to tweak any setting for startup, system services auto-run, and even disable UAC entirely without UAC elevation.
Is it really that hard to implement a sudo style jail that can figure out basic user intent? If I open a dialog and decide to edit preferences in it, prompt me and then don’t prompt me for that application again for a set period of time. Prompts are good, but crying wolf for every little detail is just as bad as allowing backdoors because your program managers are lazy.
There’s an open source application for Windows XP and Vista called Surun ( http://kay-bruns.de/wp/software/surun/ ) that solves the problem that UAC was designed to solve. It allows you to run as a normal user and to easily run programs with elevated rights, and you don’t need to type any password. It also allows you to easily administer your machine.
What do you think? Why can’t MS do what a single open source developer has done?