I have released the first version of User Account Control Automation Assistant [UacAA] that can be downloaded here:
Key features include:
- Programmatically automate the User Account Control [UAC] elevation and credential dialog boxes on the standard or secure desktop on Vista and Windows 7 (x64/x86)
- Requires no tweaking to your environment, no digital certificates, no modifications to your UAC settings and no application manifest modifications. Install and go!
- Can be driven from any programming language or scripting environment – including C#, VBScript, Perl, PowerShell or (if you’re really hard) C++. Extensive samples are provided in C# and VBScript.
- Dialogs can be automated by any user at any privelege level – ideal where elevated applications need to be launched as part of a test.
UacAA might be handy for:
- Launching elevated applications as part of your automated test suite to modify the environment between tests.
- Integration / smoke testing where UI automation is not a primary objective but where User Account Control automation is required.
- Testing your application behaves correctly under Uac!
- Running your integration tests on an isolated P2V-SOE production clone without making any changes to the environment whatsoever.
- Reducing the number of snapshots and virtual machine baselines that need to be managed.
- Automating security-related tests that were previously manual in nature.
How it works:
- Set an expectation that a User Account Control dialog box is to be displayed and indicate what to do when it is – such as enter credentials and Confirm it.
- Do something that requires elevation such as launching an application.
- In the background, UacAA is monitoring for the presence of the UAC dialog – if it appears, the dialog will be automated according to your expectation so that your application can continue.
- Optionally ask UacAA what it has just done and the kind of dialog that was displayed (elevation vs credentials) and the desktop on which it appeared (standard or secure)
- This version will automate only one dialog per expectation – it is currently not possible to say "enter these credentials and select Confirm whenever UAC dialogs appear from now on"
Microsoft has provided a way of automating User Account Control by leveraging its UI Automation technologies – but this involves UAC modifications, installation of digital certificates and an application with UIAccess rights for UI automation. This level of security is clearly required in production environments where trust (obtained via the certificate) is paramount because otherwise we would back in the days of the “shatter attack” (UAC appears on the Secure Desktop to prevent exactly that kind of attack!).
In test environments – where free text passwords tend to lay around with wanton abandon – you just want the darn dialog to go away but to otherwise retain UAC.
UacAA lets you do this.
Where the Microsoft supported way is convenient, it should be adopted. Where it is inconvenient, or where perhaps integration testing is the objective and no infrastructure or applications are around to facilitate UI automation easily, UacAA might fit the bill. UacAA should only be used on test environments and never installed on server or systems where arbitrary content from the Internet can be executed.
UacAA must absolutely not be used as a hackey-wackey way of executing scripts that require elevation on desktop systems!