Reference

Unblocking Elevated Startup Programs in Vista

Windows Vista significantly changed the way applications are handled when the user logs on. The system now blocks elevations in the user's logon path, which prevents users from running programs on startup that require administrator privileges. Unfortunately, Vista provides no way of permanently unblocking a startup program. This article will describe a clean and quick workaround to get the same result.

Tags: windows

Background

In Windows Versions prior to Release Candidate 1, all programs launched on startup (i.e. from the Startup folder or the Run registry key), and that required elevated permissions to run without being properly set up to run on Vista, generated their own UAC popup window to let users know that these programs had been blocked from execution.

In RC1 and later, Microsoft has changed this behavior into a slightly less annoying version, which displays a single, small balloon message in the notification area of the taskbar, informing users that Windows has blocked some startup programs. Either way, the programs still won't start, which represents a serious problem to anyone wishing to automatically run non-Vista enhanced software, such as automatic update tools, DynDNS tools or FTP servers.

The correct solution for this issue would be to have software vendors update their applications. However, this is not always possible, as certain products might get updated very rarely, or might no longer be maintained at all. There is currently no way to permantently unblock startup programs in Windows Vista, except for disabling UAC. Fortunately, we can circumvent the startup problems alltogether by taking advantage of the Windows Task Scheduler.

Solution

The workaround proprosed in this article is to launch the affected applications through Windows Task Scheduler. It has the ability to launch programs or batch files on system startup with the credentials of a specified user account and with the highest privileges. To automatically launch a non-Vista enhanced application with administrative privileges on Vista, simply perform the following steps:

  1. Remove the program from the Startup folder or the Run registry key
  2. Launch the Task Scheduler (Start Menu → All Programs → Accessories → System Tools)
  3. From the Actions panel on the right, select Create Task...
  4. Go to the Security Options on the General tab
    • Select an user account with administrative privileges
    • Select the radio button Run only when user is logged on
    • Check the box Run with highest privileges
  5. Go to the Triggers tab and click New...
    • In Begin the task, select At log on
    • In the Settings options, select All users
    • In the Advanced Settings options, check the box Enabled
    • Click OK to close the dialog
  6. Go to the Actions tab and click New...
    • For Action, select Start a program
    • In the Settings options, browse for the Program/Script you want to execute on startup
    • Click OK to close the dialog
  7. Go to the Settings tab
    • Check the box Run task as soon as possible after a scheduled start is missed
    • Uncheck the box Stop the task if it runs longer than
    • Make any other desired settings
    • Click OK to save and close the task properties.

The specified program will now be automatically launched every time the system restarts and some user logs on. When Task Scheduler launches the program for the very first time, Windows Defender will block it and give you the option to unblock it permanently.

Related Resources

The new blocking behavior of Windows Vista RC1 and later has been originally announced on the UAC Blog on MSDN. Software developers should also read Microsoft's instructions on how to add Vista support to existing applications, which also explains the rationale for this new startup behavior in Vista.