User Account Control (UAC) is a feature in all modern versions of Windows which restricts the permissions of applications under normal circumstances, and prompts the user whenever elevated permissions are required to perform a particular operation - for example, updating the application's files.
ContactsLaw requires local administrative privileges in order to install updates to itself and its
plug-ins. Local administrators are not the same as domain administrators; in an environment using Active Directory to manage users and user permissions, local administative permissions only grant access to the computer running ContactsLaw, and have no affect on network services and/or data.
Due to this requirement, a UAC prompt will appear when ContactsLaw is started from the Desktop or Start Menu and a new update is available. Clicking 'Yes' on this prompt grants local administrative permissions to ContactsLaw, allowing it to install updates. ContactsLaw will not start if you select the 'No' option on this prompt. CPMS digitally signs its software; if you do not see the following prompt, or it does not bear the company name ContactsLaw Practice Management Software Pty Ltd, do not start the program.
The update process occurs in two stages, each of which may present a UAC prompt:
An installer (bootstrapper) application checks for and installs any updates to ContactsLaw, then starts the main application.
ContactsLaw checks for and installs any updates to its plug-ins during startup. This also occurs if you uninstalled plug-ins during the previous session.
Once the update check has been performed, ContactsLaw runs with standard (medium integrity level) permissions, and will behave as normal in a UAC environment. However, there are some implications in other applications that ContactsLaw integrates with:
Microsoft Outlook
Outlook is a single-instance (or mutually-exclusive) application; there is only ever one copy of the program running at any given time. A problem arises if ContactsLaw is run with elevated permissions (using the 'run as Administrator' option) and Outlook is not, or vice-versa. In this scenario, the two applications cannot communicate due to the mismatched security tokens, and ContactsLaw cannot start a new instance of Outlook in the correct mode (since only one is permitted). However, both ContactsLaw and Outlook may be run with either standard or elevated permissions, so long as they are started in the same manner.
Running ContactsLaw with different permissions
In certain situations, you may wish to change the integrity level that ContactsLaw runs at. You can do this by setting the IntegrityLevel registry key.
This is a DWORD value and the following values are supported:
- 0 = low integrity level
- 1 = medium integrity level (the default)
- 2 = high integrity / administrator priviledges