Blue Iris Tools startup with elevated priviliges

pov2

Getting the hang of it
Joined
Sep 7, 2018
Messages
148
Reaction score
21
Location
Canada
This is to answer my own question from another thread: https://ipcamtalk.com/threads/bit-1-7-cpu-usage.30463/post-394043
The issue is BIT requires elevated privileges to start. When set to start when the PC boots it requires user interaction upon PC startup. I run BI as service and sometimes reboot that PC remotely without user interaction. I found how to startup an application with elevated privileges without user interaction. Instructions here: How to grant elevated privileges to a Windows 10 startup shortcut (to auto start WampServer)?
I actually wonder why BIT require elevated privileges...

EDIT: I discovered that while BI can run as service without user interaction and logon, BIT has a GUI and needs a user logon. I found the following instructions how to autologin and lock the PC upon reboot: Automatically Login and Lock Windows 8 on Startup
I chose Method 3 as the most secure and it works on the latest Windows 10. Maybe it can be useful to someone.
 
Last edited:

Mike

Staff member
Joined
Mar 9, 2014
Messages
2,681
Reaction score
1,995
Location
New York
Default folder for the installer is your program files folder which calls for BIT to have elevated permissions. Just disable the message that pops up and you wont have to worry about it.
 

pov2

Getting the hang of it
Joined
Sep 7, 2018
Messages
148
Reaction score
21
Location
Canada
Default folder for the installer is your program files folder which calls for BIT to have elevated permissions. Just disable the message that pops up and you wont have to worry about it.
I wasn't talking about the installation. Every time I ran the program itself it requested elevated privileges. None of my other programs in Program Files (x86) ask for elevated privileges, they are only needed for installation. Besides, on my Win10 I can't disable this prompt per application. I can disable it system-wide but I don't want to do it.

After looking further I found that the same folder had the "Blue Iris Tools.exe.manifest" file with the following content:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<description>Blue Iris Tools</description>


<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>


Basically it was because of this manifest file with the requireAdministrator level. I removed that file from the folder and BIT does not ask for a prompt to run anymore.

Maybe you can modify the installer, so it won't have that manifest file. Unless BIT really needs elevated privileges.
 

pov2

Getting the hang of it
Joined
Sep 7, 2018
Messages
148
Reaction score
21
Location
Canada
Hmm... Without elevated privileges it can't autostart upon reboot and I guess it needs them because the text files are written within Program Files (x86) folder. I guess everything goes back how it was.
 

Mike

Staff member
Joined
Mar 9, 2014
Messages
2,681
Reaction score
1,995
Location
New York
I wasn't talking about the installation. Every time I ran the program itself it requested elevated privileges. None of my other programs in Program Files (x86) ask for elevated privileges, they are only needed for installation. Besides, on my Win10 I can't disable this prompt per application. I can disable it system-wide but I don't want to do it.

After looking further I found that the same folder had the "Blue Iris Tools.exe.manifest" file with the following content:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<description>Blue Iris Tools</description>


<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>


Basically it was because of this manifest file with the requireAdministrator level. I removed that file from the folder and BIT does not ask for a prompt to run anymore.

Maybe you can modify the installer, so it won't have that manifest file. Unless BIT really needs elevated privileges.
I know what you were talking about and I was referring to that as well. You can disable when the prompt comes up. BIT needs elevated permissions so removing that file can cause issues with writing to registry, saving weather data, etc. I do not recommend deleting the manifest file.
 

pov2

Getting the hang of it
Joined
Sep 7, 2018
Messages
148
Reaction score
21
Location
Canada
Just disable the message that pops up and you wont have to worry about it.
Sorry for bringing this back. I don't quite understand what you mean by "disable the message". I was talking about the UAC prompt. It can't be disabled. It can be disabled system-wide but it's a bad idea security-wise. Were you talking about disabling the UAC prompt?

It looks like BIT needs elevated privileges only to write those txt files to Program Files folder. If you re-write the application to store those files in a user-accessible folder then there will be no need for elevated privileges, IMHO. It think Registry also has user-accessible parts.
 

Mike

Staff member
Joined
Mar 9, 2014
Messages
2,681
Reaction score
1,995
Location
New York
Sorry for bringing this back. I don't quite understand what you mean by "disable the message". I was talking about the UAC prompt. It can't be disabled. It can be disabled system-wide but it's a bad idea security-wise. Were you talking about disabling the UAC prompt?

It looks like BIT needs elevated privileges only to write those txt files to Program Files folder. If you re-write the application to store those files in a user-accessible folder then there will be no need for elevated privileges, IMHO. It think Registry also has user-accessible parts.
I meant disable it system-wide. If it's a dedicated PC to BI then you don't need the UAC prompt on, especially if you're the only person using it.

You can store the text files wherever you want, doesn't have to be in Program Files, that's just the default. Again, disabling elevated permissions for BIT is not recommended and will cause other issues besides just writing to the txt files. An alternative is to run BIT as a service which is mentioned on the forum in a few places. It's not a feature built into BIT yet.
 

pov2

Getting the hang of it
Joined
Sep 7, 2018
Messages
148
Reaction score
21
Location
Canada
I meant disable it system-wide. If it's a dedicated PC to BI then you don't need the UAC prompt on, especially if you're the only person using it.

You can store the text files wherever you want, doesn't have to be in Program Files, that's just the default. Again, disabling elevated permissions for BIT is not recommended and will cause other issues besides just writing to the txt files. An alternative is to run BIT as a service which is mentioned on the forum in a few places. It's not a feature built into BIT yet.
Thanks. I forgot about the other features of BIT that I don't use. It does need elevated privileges.

Disabling UAC system-wide is a bad idea regardless of the PC usage. Running BIT as service will kill the GUI, although it may be OK once the proper setting are set. I succeeded with the method I described in my OP. Run with elevated privileges automatically on startup and with GUI.
 
Top