Today while working on a Windows 10 machine, I had the need to open the Device Manager for some hardware maintenance. While opening the Windows Device manager I noticed that there was no UAC prompt when I started it. This was a little strange because the Device Manager exists as a Management Console snap-in in
%systemroot%\System32\devmgmt.msc and is launched by
When you start the Device Manager,
mmc.exe is launched with
%systemroot%\System32\devmgmt.msc as an argument.
Independently, the Microsoft Management Console requires elevation to run. When you go to run and launch
mmc.exe, Windows will ask you to allow elevation using the UAC prompt.
1. Go to Start run and type
devmgmt.msc. Notice that there is no UAC prompt.
2. Once the Device Manager opens, goto Help > Help Topics
5. Using notepad’s File > Open menu, navigate to the System32 directory.
6. Set the File type to “All files (*.*) and right click select “Run as Administrator” on
whoami /privto check that you have a lot of privileges available now (disabled but available).
8. The process tree also shows that the
cmd.exethat was spawned was started with High Integrity level.
Please note, according to Microsoft, UAC bypasses are not a security problem as UAC is a convenience feature (more references in that page).
Other UAC Bypass references
4. https://habrahabr.ru/company/pm/blog/328008/ [Use Google translate, worth reading]