Wednesday, December 1, 2010

APC UPS PowerChute Personal Edition 3.0 를 Windows 7 UAC 하에서 사용시

최근에 APC 홈페이지에 UPS모니터링 소프트웨어인 PowerChute Personal Edition 3.0 이 올라와서 설치해 봤습니다.

기존 2.1.1 에서 뭔가 달라진 점은 못느끼겠는데 대신 문제점이 하나 생겼습니다.

윈도우7의 UAC를 사용하는 경우 윈도우 시작시 시스템트레이에 등록될 때 이를 허용하겠냐는 메시지가 항상 뜹니다.

아래 이를 해결하는 방법입니다만

저는 불편해서 그냥 2.1.1로 돌아갔습니다만 어쩐일인지 윈도우 시작시에 status display 아이콘이 뜨지를 않는군요.

어쨌건 윈도우의 UAC를 그대로 사용하고 싶고 3.0도 사용하고 싶으신 분은 참고해 보세요.

User Account Control requires permission before APCSYSTRAY.exe will start upon login after installing PowerChute Personal Edition 3.0

Published 11/02/2010 11:31 AM   |    Updated 11/02/2010 01:08 PM   |    Answer ID 11148
Why am I prompted to allow system changes by UAC on Windows Vista or Win7 upon login before APCSYSTRAY.exe will run after installing PCPE 3.0?
Due to design changes in PCPE 3.0 (like display of balloon notifications for software updates, configuring of cost per unit power, turn on devices immediately), systray accesses/modifies registry hives to display notifications. Because of this, UAC requests permission/user intervention upon login. With the older PCPE 2.2, APC Systray was not accessing (or modifying) Windows registry hive specific to PowerChute Personal Edition and that is why UAC did not request permissions.
To support registry access/modification, any windows exe requires elevation. Windows, before elevating any executable, checks if it is accompanied with a manifest file. If yes, based on the security policy on the specific system, the UAC prompt appears. If there is no elevation (no manifest file), then for that user a separate virtual store (Registry Virtualization) of registry entries will be created.
Since only one set of entries needs to be maintained for data integrity, PCPE 3.0 design has been done by embedding a manifest file so as to avoid creation of virtual store when the application is run in admin/non-admin credentials.
The question as to why you are getting the UAC pop up even though you have logged in as administrators on Vista and Win 7, is due to Microsoft security measures. Though you have administration privileges, you still do not have 100% privileges because of UAC.
As a work around, if the prompting for user consent is annoying for those logged in as an administrator, you can change the UAC behavior by altering the security policy in Windows. However, this work around goes with aDISCLAIMER that Windows will no longer prompt the UAC window for any application which needs to be elevated when the user is logged in as administrator and APC / Schneider Electric does not recommend making this change.
The change in security policy can be attained using the following steps (note: the UAC is still enabled, but more privilege is given to admin):
1. Start -> Run
2. Type secpol.msc and hit enter. Local Security Policy window appears.
3. on the left navigation panel, click on local policies -> Security Options.
4. On the right panel, scroll below until you see "User Account Control: Behavior of the elevation prompt for administrators in admin approval mode".
5. Double click this option which opens a window. Navigate to Local security setting tab, select "Elevate Without prompting" from the drop down and apply the changes.
Once the setting is committed, restart the system and you no more see the prompting if the logged on user is administrator.
The other option is the stop UAC all together. This option is also not recommended by APC / Schneider Electric.

No comments:

Post a Comment

로그인하지 않아도 댓글을 달 수 있습니다.