Is there a way to accept UAC prompts with QTP?

Question

I have created an automated test that needs to run an executable file (in this instance, an uninstall script). This causes Windows 7 to display a User Account Control prompt that needs to be accepted before the QTP test can continue.

As it stands, I had to lower UAC to the "do not dim my desktop" level in order to even add the dialog to the Object Repository. I tried recording clicking the Yes button, but QTP didn't notice my actions, so I had to manually add the object.

Even then, when I add the line Dialog("User Account Control").WinButton("Yes").Click, I receive Unspecified Error from QTP.

Edit: I've also tried using the code below to click on an arbitrary point on the screen (where the "Yes" button just happens to be).

Set dr = CreateObject("Mercury.DeviceReplay")
dr.MouseClick 1030, 550, LEFT_MOUSE_BUTTON

The good news is the cursor lands right on the "Yes" button, unfortunately the click doesn't work.

Is there any way for QTP to accept the UAC prompt, without disabling UAC altogether?

Answer 1

I do not know what QTP is, but the problem is that it is trying to click buttons it is not allowed to.

Windows prevents applications from programmatically clicking on the Consent dialog. This is done to prevent what is known as a Shatter Attack. Also, if code was allowed to see and click the UAC consent dialog, malware could click the UAC prompt itself.

There is a mechanism to allow programs to declare that they need to be able to drive the user interface; allowing software to see, and click on, the UAC dialog. It is a serious enough security risk that the application needs to:

• be digitally signed
• be run from Program Files

Declare that you need the right

If you ask the developers of QTP to alter their assembly manifest; turning on the **uiAccess=true** option:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 

    <!-- Disable Windows Vista UAC compatability heuristics -->
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
            </requestedPrivileges>
        </security>
    </trustInfo> 
</assembly>

and then they digitally sign the QTP executable, and then install it in Program Files, then it will be able to click the UAC dialog.

Bonus Reading

From Chris Jackson's Using the uiAccess attribute of requestedExecutionLevel to Improve Applications Providing Remote Control of the Desktop:

Now, most people don’t really understand what this is for, and the UAC manifest is typically just a copy/paste affair. But it pays for the remote desktop developer to pay attention to it. For any regular piece of software, you generally want to stay away from it – it’s dangerous, and sidesteps a significant security feature (UIPI). But if you are remoting the desktop, it’s precisely what you want – you need to be able to see everything!

It’s dangerous enough, in fact, that we won’t allow you to set it without digitally signing your application. By default, you also have to have it installed in a secure location (such as Program Files).