Create Vista User Account

Question

I want to programmatically create a logon account in Windows Vista with UAC enabled.

I have an OCX that creates a user account and it has worked for years on NT and XP, but now our application fails with Access Denied when creating the account on Vista. If our customers turn off UAC then setup that app it works fine. However, it is not acceptable to have our users turn off UAC AND REBOOT before finishing configuring our app.

Answer 1

If you run your application with administrator privileges in Vista, then does it work?

You can also create a COM object with elevated privileges using this code:

HRESULT __stdcall CreateElevatedComObject(HWND hwnd, REFCLSID rclsid, REFIID riid, __out IUnknown ** ppv)
{
    OSVERSIONINFO ver={sizeof(ver)};
    if (GetVersionEx(&ver) && ver.dwMajorVersion > 5)
    {
        BIND_OPTS3 bo;
        WCHAR wszCLSID[50];
        WCHAR wszMonikerName[300];

        if (StringFromGUID2(rclsid, wszCLSID, ELEMENTS(wszCLSID)))
        {
            HRESULT hr = StringCchPrintf(wszMonikerName,
                ELEMENTS(wszMonikerName),
                L"Elevation:Administrator!new:%s",
                wszCLSID);
            if (FAILED(hr))
                return hr;
            memset(&bo, 0, sizeof(bo));
            bo.cbStruct = sizeof(bo);
            bo.hwnd = hwnd;
            bo.dwClassContext  = CLSCTX_LOCAL_SERVER;
            return CoGetObject(wszMonikerName, &bo, riid, (void **)ppv);
        }
        return E_FAIL;
    }
    else
        return ::CoCreateInstance(rclsid,NULL,CLSCTX_ALL,riid,(void**)ppv);
}

Running under UAC, it will present an elevation dialog. The object will run out of process in dllhost (I think) but with full admin privileges.

Also look at the step by step guide for UAC in Vista.

Answer 2

Here's another article about dealing with UAC when deploying. Having been through some vista deployment issues already, all I can say to you is good luck. :)