User Account Control is a feature of Windows Vista and Windows 7 that prompts the user for permission to continue as the software may change settings on the system.
On Windows 7, Attix5 triggers UAC prompts.
UAC is not always a popular feature, and administrators and users alike often seek to minimise its impact.
There are several ways this is commonly done:
Turning off UAC completely
Configuring the compatibility mode of each affected executable to run with administrative privileges
Setting operating system compatibility for each affected executable
Granting users administrative privileges
Some of the above measures may compromise security policy, and may not be acceptable for an organisation seeking to use Attix5.
UAC whitelisting offers an alternative, allowing Attix5 to be run without prompts and does not require administrative privileges.
There are both 32 and 64-bit versions of this which are required for the appropriate Operating System.
As Administrator, start the “Compatibility Administrator” application.
When started, this should automatically open a New Database.
Note: If editing an existing database, open the existing .sdb file and proceed as normal.
Right click and navigate to Create New > Application Fix. This will launch a wizard.
Enter the name of the program, Attix5 as the vendor, and enter or browse to find the program file path (this case the A5Tray.exe located in the Backup Client SE folder) . For the program name, it is recommended to enter the application version so that versions can be tracked easily. Click Next.
On the Compatibility Modes page, check the RunAsInvoker checkbox and click Next.
Nothing needs to be checked on “Compatibility Fixes”, click Next.
On the Matching Information page, the following options will be automatically checked:
Note: Unchecking all the options apart from COMPANY_NAME and PRODUCT_NAME
Repeat steps 1 - 6 for A5Loader / SERunner or all other appropriate executables.
Using Save As in the file menu, save the database to an administrator accessible location as a .sdb file.
From an Administrator command prompt, navigate to the filepath where the sdb is saved and run the command “sdbinst ”.
Note: If the sdb has already been installed, you will be prompted to update it. Answer “Yes”.
After the database has been installed, log off as administrator and in as a user. UAC alerts should no longer be triggered.
Note: As usual, users will still need write permission to the Attix5 installation directory and any working directories that have been configured. Also note that if the system tray application does not launch automatically at startup for users, you should check in Windows Task Scheduler and ensure that “When running the task use the following account” is set to “Users”.
If you do find that an updated client is being caught by UAC, this can be rectified by editing the existing database.
As administrator, open the database and add the updated executables using the same procedure as before.
By including their versions within the “name” field, it is possible to add multiple versions of the application to the UAC whitelist. This can allow for an upgrade path, where different client versions have been whitelisted in advance and so should not trigger UAC alerts.
To minimise administrative overhead, it is possible to copy the sdb file from one machine to another, and install it with just the “sdbinst” command. The Compatibility Toolkit installation is not required. Tools such as Group Policy can be used to push sdbs out to an Active Directory environment. See Microsoft’s Technet for more details: http://technet.microsoft.com/es-es/library/cc739954%28WS.10%29.aspx
Alternative to creating an MSI package, you can create a NETLOGON script that maps a share on your network containing the SDB files and use the same NETLOGON script to install the databases. See example below;
Create a network share called “Account Control” and ensure that everyone has full access to it
Copy the .SDB files created from the Attix5 FAQ above into the network share
Create a DOS Script that maps the network share and installs the databases and save the file as a .cmd file
The script should look similar to this:
Net use S: \\FileServer\AccountControl
S – This is the available drive letter you want to assign to the network share.
The recommended deployment model is to install and test UAC on a “pilot” machine, adding each new version of the Attix5 Client to the database as it becomes available. This database can then be pushed out to clients and installed or
FileServer – The name of the server which contains the network shared create in Step 1.
AccountControl – The name of the actual network share
Uac-whitelist32bit and 64bit.sdb are the database names specified when creating the SDB files.