Click here to Skip to main content
Click here to Skip to main content

How to Elevate Your Application at Windows Startup in Vista

, 17 May 2008 CPOL
Rate this:
Please Sign up or sign in to vote.
An article on elevating an application at Windows startup in Vista


This article describes how to elevate your program in Windows startup in Vista. Elevating an application is so easy, but it's not easy registering an application in startup.


This article requires readers to have some background.
Firstly, it's important to understanding Vista's UAC. UAC is too complex to understand. Hence, this article does not have any information about UAC.
Secondly, MFC and API knowledge are required since the sample code of this article uses MFC and API.

Vista and Windows Startup

Many programs need to run at Windows startup.

In Windows XP, run at startup was not big deal. But, it became a big deal in Windows Vista. Windows Vista's new protection features restrict a startup program which wants to run as administrator. (It needs to elevate.)

If your application does not need an administrator privilege, there is nothing to do for migration to Windows Vista. But, if your application need an administrator privilege, your application can't run at startup because Vista's new protection blocks your program.

It seems to be impossible to run an administrator privileged program at Windows startup in Vista. But, there is a way to do it (even if it is not the same as XP).

This article describes Windows Vista's protection and a possible method to figure out our problem.

Another Way

To find another way, we have to think about the architecture of protection software. Start with this:

"Windows Vista is allowed to run software which does not need an administrator privilege."

So, one possible method is as follows:

  • We have to create a normal program which does not need an administrator privilege. (New protection does not block none privilege application.)
  • That normally has to elevate itself with CreateProcess and terminate.

The following pseudo code shows it:

void Main()
    if(IsVista() == TRUE && Elevation() == FALSE) {

C++ Code (MFC)

Pseudo code is easy, but real code is not.

CString g_szProgramFolder;
CString g_szCmdLine;

BOOL RunAsAdministrator(LPSTR lpszFileName, LPSTR lpszDirectory)

    TempInfo.cbSize = sizeof(SHELLEXECUTEINFOA);
    TempInfo.fMask = 0;
    TempInfo.hwnd = NULL;
    TempInfo.lpVerb = "runas";
    TempInfo.lpFile = lpszFileName;
    TempInfo.lpParameters = "runasadmin";
    TempInfo.lpDirectory = lpszDirectory;
    TempInfo.nShow = SW_NORMAL;

    BOOL bRet = ::ShellExecuteExA(&TempInfo);

    return bRet;

BOOL CMFCApplication::InitInstance()
    char szCurFolder[1024] = { 0, };
    GetModuleFileName(GetModuleHandle(NULL), szCurFolder, 1023);

    CString szFullPath = szCurFolder;
    szFullPath = szFullPath.Left(szFullPath.ReverseFind('\\'));

    g_szProgramFolder = szFullPath;

    CCommandLineInfo oCmdLineInfo;

    g_szCmdLine = oCmdLineInfo.m_strFileName;

    if(IsVista()) {
        if(stricmp(g_szCmdLine, "elevation") == 0) {
            char szCmdLine[1024] = { 0, };
            char szCurFileName[1024] = { 0, };
            GetModuleFileName(GetModuleHandle(NULL), szCurFileName, 1023);

            BOOL bRet = 
                RunAsAdministrator( szCurFileName, (LPSTR)(LPCTSTR)g_szProgramFolder );

            if(bRet == TRUE) {
                return FALSE;
        } else if(stricmp(g_szCmdLine, "runasadmin") == 0) {
            // go trough!.
        } else {
            char szCmdLine[1024] = { 0, };
            char szCurFileName[1024] = { 0, };
            GetModuleFileName(GetModuleHandle(NULL), szCurFileName, 1023);

            sprintf(szCmdLine, "\"%s\" elevation", szCurFileName);

            WinExec(szCmdLine, SW_SHOW);

            return FALSE;

Points of Interest

RunAsAdministrator function returns FALSE when a user selects 'Cancel'. So, you can execute a program repeatedly until the user selects 'Allow'.


  • 2008-05-16: First released


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Yonghwi Kwon
Software Developer
United States United States
I started to write software since 1999 and have developed various products including security solutions and system utilities.
Microsoft Visual C++ MVP (from 2008 to present)

Comments and Discussions

GeneralWindows damaged after run application as elevated to write to registry [modified] PinmemberHa_Tim15-Nov-09 21:22 
GeneralFull source code Pinmemberlemonlyt31-Mar-09 1:41 
GeneralProcessShellCommand() reports error Pinmemberkuan deng18-Mar-09 7:05 
GeneralRe: ProcessShellCommand() reports error PinmemberHa_Tim16-Nov-09 18:09 
GeneralSource code PinmemberMasterPr23-Jun-08 0:38 
GeneralRe: Source code PinmemberMember 392808218-Sep-08 1:21 
GeneralRe: Source code Pinmemberlzf897724-Oct-08 2:00 
GeneralBuffer overflow Pinmembermav.northwind17-May-08 21:51 
GeneralRe: Buffer overflow PinmemberKwon Yong Hwi18-May-08 5:36 
GeneralRe: Buffer overflow PinmemberSteveKing18-May-08 20:23 
GeneralRe: Buffer overflow PinmemberKwon Yong Hwi19-May-08 4:54 
GeneralRe: Buffer overflow PinmemberMihai Nita19-May-08 9:26 
GeneralRe: Buffer overflow PinmemberKwon Yong Hwi19-May-08 14:45 
GeneralRe: Buffer overflow PinmemberMihai Nita22-May-08 14:42 
GeneralYou shouldn't display an elevation prompt at login PinmemberDaniel Grunwald17-May-08 7:13 
Having to confirm a UAC prompt to login will annoy the user extremely.
That's why Vista blocks elevation prompts for startup programs.
If you need to run an application with administrator rights on logon, you have two choices:
1) Start it using the task scheduler. You can start silently elevated apps on logon this way. WARNING: if your application has any way to start other programs on the user's request (e.g. it's displaying a "Open file" dialog where the user could Right-click>Run on .exe files), that's a security vulnerability!
Better (and suggested by Microsoft):
2) Make your app not require administrator rights. For actions where administrator rights are absolutely required, make the app call into a Windows service running in the background with the necessary permissions. Here, too, you need to take care that your service is secured correctly, but this approach is better because here less code needs to run with admin privileges.
GeneralRe: You shouldn't display an elevation prompt at login Pinmemberaxelriet17-May-08 16:00 
GeneralRe: You shouldn't display an elevation prompt at login PinmemberLeo Davidson18-May-08 8:36 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150129.1 | Last Updated 17 May 2008
Article Copyright 2008 by Yonghwi Kwon
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid