Versions Compared

Old Version 6

changes.mady.by.user Anonymous

Saved on

compared with

New Version 7

changes.mady.by.user Anonymous

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Sometimes it is complicated to determine which process or program needs to be managed by ACS to prevent the UAC prompts.  Hereafter are described two methods to help determine which process to have ACS act on.

 Note:  This information is also relevant to figuring out which process ACS needs to elevate permissions or privileges on.

Option 1 

The first and often easiest method is to simply run the process or program to the point where the UAC prompt appears.  In the lower left-hand corner is the "Show Details" link (or in this case the "Hide Details" link as Show Details was already clicked on).  Select that and then in the details section in the top of the page will be expanded and show the file which is attempting to be initiated and which is causing the UAC prompt [See the detail "Program location" surrounded by the Orange box in the image below.].  This is then almost always the file which needs to be managed by ACS with an Application Initiation policy.

...

  1. Search for "process start" in the ACS_.log files and put the PID in the table.
  2. Then search forwards and backwards for the PIDs in question and fill out the rest of the table.  Note:  If the process did not finish then there will be no end time.  Just use the last entry time.
  3. Then evaluate the data in the table and see which process needs the Application Initiation policy or a standard Application Control policy with a Rights Action (maybe including the using the Users unrestricted token).

Option 3

Use Process Explorer from the former SysInternals (now with Microsoft) - Process Explorer download

Run Process Explorer and by default it will show the hierarchy of the processes running on the computer.  Elevating or applying UAC to the parent process and allowing it to flow to child processes if necessary will usually be the correct action.  Process Explorer can be used to find out what process or process family runs a window or parts of a window.  With Process Monitor there is an icon on the menu bar which looks kind of like a target.  Clicking and dragging on that icon over any window on the screen will highlight part or all of the window.  When the item which needs to be elevated is highlighted release the mouse button and Process Explorer will  highlight in its list of processes the process which runs that window or part of a window.  That process or its parent process would be the appropriate place to test elevating the process to see if it is the corrrect process.