When you start Microsoft Windows Vista have you encountered a warning message in the notification area like the one shown in Figure A that indicates that Vista has blocked a startup program? The reason that this type of warning is displayed is because Vista discovered a program that has User Account Control (UAC) restrictions in either the startup process or logon process. When this happens, Software Explorer blocks the program and displays the warning message in the Notification area.
When Software Explorer recognizes a UAC restricted program in the startup sequence, it blocks it and displays a warning message
To resolve the issue and run the blocked program, Microsoft recommends that you click the Blocked Startup Program icon in the Notification area, select the Run Blocked Program menu, and then click the program’s icon, as shown in Figure B. When you do, you’ll see a UAC and will have to respond accordingly.
While this system, and the recommended workaround, is designed to protect your computer from a malicious program sneaking into the startup folder or run registry key, it can be a real pain if the program is indeed something that you want to run at startup.
While it may seem that there is no standard way for you to allow a UAC restricted program to automatically run at startup within this security system, that’s not really the case. You can do it, if you use Task Scheduler.
In this edition of the Windows Vista Report, I’ll show you how to use Task Scheduler to make Vista run UAC restricted programs at startup.
Let’s suppose that the program that you want to have automatically run at startup is Event Viewer. As you know, when you launch Event Viewer, you must first go through a UAC. If you attempt to place the Event Viewer shortcut in the Startup group, Software Explorer will recognize that Event Viewer requires a UAC and will block it from running. You’ll then encounter a warning message like the one shown earlier in Figure A, when you log on.
To make Event Viewer run at startup via Task Scheduler, you must be logged on to the Vista system with an account that has Administrative privileges. To begin, click the Start button, type Task Scheduler in the Start Search box, and press [Enter]. In a moment, you’ll see a UAC and when you respond appropriately, you’ll see the Task Scheduler window as shown in Figure C.
Once Task Scheduler is up and running, you can create a new task for your UAC restricted program
In order to schedule a task to run Event Viewer at startup you’ll begin by clicking the Create Task item in the Actions panel. When the Create Task dialog box appears, you’ll assign the task a name in the Name box and type a description in the Description box, as shown in Figure D. At the top of the Security Options panel, you should see your administrative user account, which, as you can see, is the account that Task Manager will use to run the task. Next, select the Run With Highest Privileges check box and leave all the other settings in the default configuration.
Make sure that you select the Run With Highest Privileges check box
Now, you’ll need to configure an Event Trigger. To do so, select the Trigger tab and then click the New button. When you see the New Trigger dialog box, select At Log On from the Begin The Task dropdown. Select the Specific User or Group option, as shown in Figure E. If you normally log on to the Vista system with a Limited account, then click the Change User or Group button and select that account. Leave all the other settings in the default configuration and click OK.
You’ll configure the Event Trigger to begin the task as log on
At this point, you’ll specify Event Viewer as the Action. To do so, select the Action tab and then click the New button. When you see the New Action dialog box, click the Browse button and locate the Event Viewer MSC file. If you look at the Event Viewer shortcut on the start menu, its command line includes the /s argument, so you should type /s in the Add Arguments box, as shown in Figure F. Leave all the other settings in the default configuration and click OK.
To complete the operation, click OK to close the Create Task dialog box and then close Task Scheduler.
Testing your scheduled startup program
Since you configured Task Scheduler to launch your UAC restricted program using the Run With Highest Privileges setting, the UAC is essentially bypassed. And while this may seem like a hole in the security of startup system it’s not. As you’ll remember, I stated that security system designed to protect your computer from a malicious program sneaking into the startup folder or run registry key. However, since malicious programs are not able to create tasks in Task Scheduler without triggering some other security system, there is no way that a malicious program to sneak into the system using this technique.