proper requirements to test in house before buying an EV to interact with the secure desktop

Question

proper requirements to test in house before buying an EV to interact with the secure desktop

David Perry 40

Hey there,

Been in business since 1997, I have approx 2,800 customers I help remotely... currently paying for Anydesk or Teamviewer depending on who is cheaper at the time. To save money, we're programmers as well so we thought we would just make our own... already done an unpolished version that works... BUT... UAC is the problem.

My question is... we are having a problem figuring out how to interact with the secure desktop in a PROPER and Microsoft approved way.

Our program works but naturally, as soon as the UAC prompt is triggered, we can't see what is happening. We manually go over to our test bench, click the UAC prompt, and voila... we can continue remote controlling our test machine and interacting with the elevated cmd prompt or program...

WHAT WE TRIED:

We tried self signed certs for in house testing. Windows says our certs are OK. But, despite making a Remote Control program, a Client and a service running as SYSTEM... we can't figure out how to communicate with the secure desktop. We installed our self signed certs into Root and Trusted in 4 locations. Still won't elevate the token, or talk to the secure desktop.

I assume it's because of the self signed cert...

I do know eventually I will HAVE to buy an EV certificate. That's not a problem when the project is completed for commercial use... but, due to other work commitments it's going to take a while to finish this project so, we want to save as much money as possible in the meantime... EV's in Canada are expensive for a small business. Almost $1k a year.

My question is... will buying the monthly Azure Code Signing cert allow our software written in C# to interact with the secure desktop, elevate tokens, etc...

Also, in case we are doing something wrong... where do we find the information to make these products? Where are all the API calls and ways to accomplish these tasks we are trying to do?

In the old days... lol, I purchased "Mapping the Commodore 64" and it told me everything about the machine. Loved that book. These days we have AI, websites, etc but no real "book" on the OS and how to do things...

I did ask AI and AI kept making up fanciful solutions to the problem. "Oh ya... a self signed cert will 100% work!!!" and then later "it won't work"... so, we asked "would buying an Azure Code Signing cert solve the problem and we get mixed results...

So, as an old school programmer... I am unfamiliar with windows programming... this remote control project is my first decent Windows program anyways. We have dozens more to follow but to save money and time now, we made this one first to save paying Anydesk money every year.

So, any help? What works? What can we use internally FIRST before dropping money on EV's?

Please don't go by what AI says... it makes up stuff... and on this topic, it ignores the Jan - April 2026 hardenings.

Any NON AI programmers out there who can help guide us in the right direction?

Thank you!

David Perry

Perry Computer Services (Canada)

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

RLWA32 52,566

I did a test on Windows 10 22H2 ESU. Because the secure desktop (Winlogon) has a very restrictive security descriptor only the SYSTEM account has the necessary permissions to manipulate the UAC consent prompt dialog.

A process running in the user's interactive session as SYSTEM received the EVENT_SYSTEM_DESKTOPSWITCH notification that the secure desktop was active (displaying UAC consent prompt). Upon receiving the notication the process starts a new thread that connects to the secure desktop using the Windows API function SetThreadDesktop. The thread initializes COM in the MTA, creates the Automation COM object and uses the Windows API FindWindow function to obtain a handle to the consent prompt dialog. Then it obtained the dialog's IUIAutomationElement and used that to locate and invoke IUIAutomationElement of the "Yes" button to allow the elevation request. The test did not use keystrokes.

Following is the thread procedure that does the work -

DWORD __stdcall UIAConsentProc(PVOID pv)  // Handle to Winlogon Desktop obtained from Winevent handler
{
    CCoInitialize init(COINIT_MULTITHREADED);
    HRESULT hr{ E_FAIL };

    HDESK hDesk = *((HDESK*)pv);

    if (!SetThreadDesktop(hDesk))
        Report(_T("SetThreadDesktop failed with %d\n"), GetLastError());

    // Sleep to allow time for UAC consent prompt to be created on the secure desktop
    Sleep(1000);
    if (SUCCEEDED(init))
    {
        CComPtr<IUIAutomation> pAuto;
        hr = pAuto.CoCreateInstance(CLSID_CUIAutomation8, nullptr, CLSCTX_INPROC_SERVER);
        if (SUCCEEDED(hr))
        {
            HWND hwndCreds = FindWindow(_T("Credential Dialog Xaml Host"), nullptr);
            if (hwndCreds)
            {
                CComPtr<IUIAutomationElement> pWindow;
                hr = pAuto->ElementFromHandle(hwndCreds, &pWindow);
                if (SUCCEEDED(hr) && pWindow)
                {
                    CComPtr<IUIAutomationCacheRequest> pCacheRequest;
                    hr = pAuto->CreateCacheRequest(&pCacheRequest);
                    if (SUCCEEDED(hr) && pCacheRequest)
                    {
                        hr = pCacheRequest->AddPattern(UIA_InvokePatternId);
                    }
                    else
                        Report(_T("CreateCacheRequest, hr: 0x%X, pCacheRequest: %p\n"), hr, pCacheRequest);

                    CComPtr<IUIAutomationCondition> pTypeCondition, pIdCondition, pCondition;
                    CComVariant vButton(UIA_ButtonControlTypeId), vID(L"OkButton");

                    hr = pAuto->CreatePropertyCondition(UIA_ControlTypePropertyId, vButton, &pTypeCondition);
                    hr = pAuto->CreatePropertyCondition(UIA_AutomationIdPropertyId, vID, &pIdCondition);
                    hr = pAuto->CreateAndCondition(pTypeCondition, pIdCondition, &pCondition);

                    if (FAILED(hr) || !pCondition)
                        Report(_T("CreatePropertyCondition, hr: 0x%X, pCondition: %p\n"), hr, pCondition);

                    CComPtr<IUIAutomationElement> pYesButton;
                    hr = pWindow->FindFirstBuildCache(TreeScope_Children, pCondition, pCacheRequest, &pYesButton);
                    if (SUCCEEDED(hr) && pYesButton)
                    {
                        CComPtr<IUIAutomationInvokePattern> pInvoke;
                        hr = pYesButton->GetCachedPatternAs(UIA_InvokePatternId, IID_PPV_ARGS(&pInvoke));
                        if (SUCCEEDED(hr) && pInvoke)
                            pInvoke->Invoke();
                    }
                    else
                        Report(_T("FindFirstBuildCache failed hr: 0x%X, pOK: %p\n"), hr, pYesButton);
                }
                else
                    Report(_T("Failed to obtain IUIAutomation element, hr: 0x%X, pWindow: %p\n"), hr, pWindow);
            }
            else
                Report(_T("Failed to find UAC consent prompt window\n"));
        }
        else
            Report(_T("Failed to create Automation Object, 0x%X\n"), hr);
    }
    else
        Report(_T("COM initialization failed: 0x%X\n"), (HRESULT)init);

    return 0;
}

David Perry 40 Reputation points

2026-04-23T13:58:53.7833333+00:00

RLWA32 - thank you for your reply... what I'll have to try is your code on a Win 10 machine and see if we can get that working...(we did all our creating, and testing only on Win 11's latest version after the hardening).

I do know in 2026 Microsoft hardened a lot of pathways but, if we get it working on Win 10, then we can figure out a way to get it working in Win 11's latest version. For our testing we should have tried Win 10 first to make sure all our pathways work. I will be able to program in about a week and test this out.

I won't forget to come back here and let you know how this worked out. We're just doing the vapour barrier in our home this week.

If you have time, can you spin up a virtual machine and try this on Win 11 25H2? It may not work on Win 10 1607 and later...

Thank you for your time.

David Perry
RLWA32 52,566 Reputation points

2026-04-23T14:22:54.7833333+00:00

@David Perry, Sorry, but I don't have access to a Win 11 system.

However, my test was performed on a Win 10 22H2 system that has received the January 2026 update containing the credential autofill hardening.
David Perry 40 Reputation points

2026-04-23T14:49:53.9933333+00:00
Oh ok... maybe it's something we're doing wrong then. Can I bother you for some more details on your setup? Are you using a self signed cert or one from a bigger company? (Azure, DigiCert? etc)

Are your windows policies are all normal? No special reg edits or policy changes?

Maybe we doing something we don't understand... that's totally possible...

We ran into a weird error trying to get text input working remotely on the normal desktop (before escalation). We had to align the structs I think it was. So, maybe we're missing something in the handling of the escalation etc or our test bench setup...

OK, I'll try it on the Win 10 22H2, I have one around here somewhere or I can spin one up in a short period of time in a Virtual Machine to test the logic and pathways.

The other thing is... maybe we stuck our certs in the wrong spot and that is why it's failing for us...

Maybe I should make sure our certs are installed correctly if you have time?

This is our batch file to install our self signed cert on the machine that runs the Client, Service, and Launcher... if you have time, does this look correct? (if you don't want me bothering you with fine tuning what we have tried to do then just say so, I don't want to be a pain in anyones butt... LOL)... I'm just striving for the path to get this working... :) We have it working, just not working for a UAC, Secure Desktop prompt.. :) Maybe we are missing something in our setup? We are self taught and I'm coming from a Commodore 64 ML background so that's possible.

@echo off @echo For Local Test Bench Testing of DDClient, DDService, DDLauncher setlocal :: Check for Admin rights by attempting to access a restricted system folder net session >nul 2>&1 if %errorLevel% neq 0 ( color 0C echo ====================================================== echo [ERROR] ACCESS DENIED echo ====================================================== echo This script MUST be run as Administrator to update echo the Local Machine certificate stores. echo. echo Please Right-Click "Trust_DDC.bat" and select echo "Run as Administrator". echo ====================================================== pause exit /b ) :: Configuration set "certFile=DDC_Auth_New.pfx" set "certPass=password123" echo --- Verified Admin Rights --- echo Importing %certFile% to the Big 4 stores... :: 1 & 2: Local Machine Stores certutil -addstore -f "Root" "%certFile%" certutil -f -p "%certPass%" -importpfx "TrustedPublisher" "%certFile%" :: 3 & 4: Current User Stores certutil -user -addstore -f "Root" "%certFile%" certutil -user -f -p "%certPass%" -importpfx "TrustedPublisher" "%certFile%" echo. echo Trust established successfully. pause
David Perry 40 Reputation points

2026-04-23T15:07:07.59+00:00

I think you might have found a solution for us... we were trying to STREAM the Secure Desktop from the test bench to my main programming machine... your code seems to just click the YES button...

I'll try that hopefully this weekend... we have house repairs to work on. I WILL come back and let you know how it went.

We were trying to capture all the pixels of the secure desktop, you're using UI automation which can work from SYSTEM... we don't need to see the secure desktop, we just need the YES button clicked at least in our test version. When the product is polished enough, then we will tackle buying the EV, maybe making a driver if that's what it takes to get this working at the login prompt and for interacting with the secure desktop.

I'll update you when I get programming. Hopefully this weekend. Thank you!
RLWA32 52,566 Reputation points

2026-04-23T15:08:28.05+00:00

@David Perry, At first I was testing with self-signed certificates and UiAccess specified in the manifest running as an Administrator. No joy manipulating the secure desktop. But as it turns out, the code (running as SYSTEM) that was not signed and was not manifested to be a UiAccess application worked properly without any issues. It seemed that using the SYSTEM account was sufficient.

And the UAC policies were all as standard. No special group policy or registry tweaks for security.
David Perry 40 Reputation points

2026-04-23T15:20:08.9433333+00:00

Thanks for that info... we'll try it a few different ways then to see what works in the meantime. I'll spin up a virtual machine and then try doing all that as you mentioned. That would be awesome if it worked. We can cross the harder bridges later on before it goes to public production in the future. It would be fun to test it locally and make sure all our paths and code is working flawlessly.

I agree... there is no joy working with the secure desktop. All that should matter is... are we a trusted company? If yes, allow secure desktop access, if not, deny. Everything seems so messy in it's implementation.

I'll update you once I have time to sit down and program. Thank you!
RLWA32 52,566 Reputation points

2026-04-24T11:02:02.2033333+00:00

@David Perry, One thing that is not clear to me is that you wrote --

While we did get a SYSTEM level service running, and it was able to detect when the UAC popped up...

I know that a Windows service running as SYSTEM in session 0 will NOT receive EVENT_SYSTEM_DESKTOPSWITCH notifications related to a user's interactive session. Session 0 has its own isolated Window stations/desktops.

So exactly how did your service detect the switch in a user's interactive session to the secure desktop?
David Perry 40 Reputation points

2026-04-25T15:02:02.1233333+00:00

Hey there RLWA32... oh, yes, you are right... it's our client that detects the UAC switch not our SYSTEM (service). Sorry, my head is trying to wrap my thoughts around all this. I get confused easily.

We did have one breakthrough last night... not sure what we did differently, but we were always able to get SYSTEM to spawn SYSTEM, but we never could get the SYSTEM service to automatically run the client. I always had to run the client manually.

We are now testing on a fresh VM'd Win 10 20H2 with no updates right now. Just to make sure our code is flowing properly. We tried on 1511 but nothing would run (we targeted NET 10) and thought, we went too far back to test and didn't feel like fiddling to get it working on something so old anyways. So, 20H2 it is for testing. Once that is working, I'll start doing updates and see if and where it breaks.

I'm going to put 2 methods in todays version to save how we managed to get SYSTEM to launch USER properly this time. Not sure what we did wrong before so I'm going to go over the code and see if I can tell what changed. Maybe it's because of the 20H2... we shall see... :)
RLWA32 52,566 Reputation points

2026-04-25T16:34:11.56+00:00

David,

I'll assume that the site filters have automatically deleted a response from you to my last inquiry. If so, kindly repost a response. Sometimes the Q&A site filters are overly aggressive and delete perfectly appropriate content. Whenever I post to Q&A I check to see if my post survived.
David Perry 40 Reputation points

2026-04-27T17:43:09.4033333+00:00

Hey there RLWA32, sorry for the delay in getting back, I have a few replies to your last conversation. I have to work today so very limited for time. I am trying your everything as SYSTEM, no certs, no UIaccess=true to see how far we get. So far, DDService launches DDLauncher no problem, and that is now able to launch DDClient and DDAClicker. We're in the middle of 2 versions so I don't expect things to be working yet due to time. I'll update you on the latest tests as soon as I can sit down and play some more.

:)
RLWA32 52,566 Reputation points

2026-04-30T10:09:34.8433333+00:00
@David Perry, With respect to the 740 error code issue following is the result of attempting to start a Windows service that has been manifested as a UiAccess application -

After adjusting the Windows service manifest to not be a UiAccess application the service starts successfully.

However, when attempting to run its helper process (manifested as a UiAccess application) the attempt fails with error code 740 -

I solved this problem with a bit of run-time code. When the service starts it uses SetTokeInformation to flag itself as a UiAccess application. The service control doesn't complain because the service process is NOT manifested as a UiAccess application. Keep in mind that proof of concept code doesn't include all the error checking or other considerations you would contemplate in a production application.

HANDLE hSysToken{}; if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hSysToken)) { DWORD dwUIAccess{ 1 }; SetTokenInformation(hSysToken, TokenUIAccess, &dwUIAccess, sizeof(DWORD)); CloseHandle(hSysToken); }

Now the Windows service start successfully and can also start its helper process as a Uiaccess application in the user's interactive session.

In this example the helper application runs the Inspect.exe UiAccess process on the secure desktop when desktop switches occur for various reasons. For example,

Finally, the WTSGetActiveConsoleSessionId function returns the id of the session that is connected to the physical console. In order to identify the session connected to an RDP sign-on code should use the WTSEnumerateSessions function and examine the returned list of WTS_SESSION_INFO structures to obtain session ids and their related connection states as documented by WTS_CONNECTSTATE_CLASS enumeration. For non-server versions of Windows the session id of the WTSActive session should be used to adjust the session id of the token passed to CreateProcessAsUser.
David Perry 40 Reputation points

2026-04-30T19:10:21.2266667+00:00

That inspect tool looks really cool (I see it's been updated as well)... thank you!!! :) That's the other thing I have to learn... what tools are out there!!! :)

Also, thank you for the detailed info... it helps a lot!

Answer 2

Taki Ly (WICLOUD CORPORATION) 1,500 Microsoft External Staff Moderator

Hello @David Perry ,

I would like to offer some suggestions:

1. Certificates: Artifact Signing (formerly Azure Code Signing) provides Identity Validation, satisfies SmartScreen, and meets the cryptographic requirements for uiAccess.

2. Local test is failing: Your self-signed cert is probably fine. The roadblock is likely the File Location. For Windows to honor uiAccess="true", the .exe must be signed and run from a Secure Location (like C:\Program Files\). Running it from D:\ or your Desktop silently strips the uiAccess rights. So, the workaround is copying your self-signed .exe into C:\Program Files\Test\ and run it from there.

3. The Proper Architecture (Win32 APIs) Commercial tools often don't just rely on uiAccess. Since your system service is in Session 0, it should detect the UAC prompt and spawn a worker directly onto the Secure Desktop (Winlogon). The API flow you would P/Invoke in C#: Monitor Desktop: Use OpenInputDesktop to detect when the active desktop switches from Default to Winlogon. Get Session & Token: Use WTSGetActiveConsoleSessionId, WTSQueryUserToken, and DuplicateTokenEx. Spawn Worker: Launch your capture/input agent using CreateProcessAsUser. The step is setting the lpDesktop in the STARTUPINFO structure to @"Winsta0\Winlogon".

That spawned agent might see UAC and your SendInput clicks will register. When UAC closes, that agent terminates, and your Default desktop agent resumes.

I hope these suggestions helpful. Let me know if you need any further helps, and I can try to assist. If you found my response helpful or informative, I would greatly appreciate it if you could provide feedback by following this guide.

Good luck with building your software. Thank you.

RLWA32 52,566 Reputation points

2026-04-22T11:30:40.0833333+00:00

Instead of polling with OpenInputDesktop to detect a switch to the secure desktop maybe using Winevents (https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwineventhook) with WINEVENT_OUTOFCONTEXT to receive EVENT_SYSTEM_DESKTOPSWITCH would be an alternative.
David Perry 40 Reputation points

2026-04-22T19:33:00.2766667+00:00

Hey there Taki Ly and RLWA32,

@Taki Ly, Thank you for taking the time to reply - I appreciate it! I may be wrong, so I apologize in advance if I am ... but, I don't think that works anymore.

The UIAccess=true does allow me to interact with "already elevated" apps like cmd etc. (we did get this working). ...but, no matter what is done, we can't interact with the secure desktop (SD), elevate the token, or anything anymore. We did try all the functions you had up above, but, Windows won't allow us to interact with the Secure Desktop at all or inject a click.

The older way would allow a click to be injected to the SD just to click on the prompt... that would have been an acceptable workaround as we don't care about typing passwords into elevated windows - I can always call customers to type in their passwords. however, that has now been hardened as well from what I gathered.

Everything seems to point at having to make a driver that sits high enough to interact with the SD, and act as a go-between the 2 parts of the remote control software.

Also, we did have our manifest set to uiaccess=true and the files were in Program Files (I forgot to mention that earlier).

While we did get a SYSTEM level service running, and it was able to detect when the UAC popped up, it wasn't high enough to interact with the SD. Maybe because of the self signed cert. I just wish I could have a definitive answer that if I buy an Azure Code Signing cert would this allow us to interact with the SD? Or even buy an EV... but, all research into those both claim it will only allow us to interact with already elevated APPS like cmd, etc but we still can't touch the SD...

As I said, I may be wrong... I'm a novice in windows programming. An expert in 6502 assembly language! LOL! :) Different eras...

I heard there is a fee I could pay to talk to a MS Engineer but it's $499 per incidence. I (pathetically) only make $15k-$20k CAD a year running my onsite/remote IT business. I only stayed doing that because it's fun helping people, the pay isn't that great! LOL!

Apparently sendInput and other functions are now blocked after the Jan - April 2026 hardenings... with more hardenings on the way it seems...

I wouldn't mind buying an EV IF I could get a 100% confirmation from MS that "yes, this will solve the problem"... but, without knowing if it will... that's a huge expense for someone who makes so little. Same with the per incident fee...

I wish I never stopped programming all these years... I was always supposed to be a programmer, but, when I started the onsite repair in 1997, it took off as there was very few onsite IT back in those days... fast forward 27+ years... I wanted to get back into programming but everything has changed so much since the 6502 days! LOL!

Not being able to buy a book like "Mapping the C64" with every secret in it makes learning as a self taught human very difficult at 56 years old.

I do appreciate you taking the time out of your day to try and help me... it may be the answer but, I think that would have worked before all these hardening updates came out...

I just wish I had a "take this path, it's 100% going to work"... and then we decide on taking that path or not...

If it's mandatory to have a driver... then, I won't be able to do that at all. That is WAY above my knowledge at this stage of the game...

@RLWA32, Also, thank you for the event driven idea to check for the desktop switch.

If you have any other tips, I am always open to listening. Thank you for your time!!! (and if I am wrong on anything, please correct me).

David Perry

Perry Computer Services (Canada)
Taki Ly (WICLOUD CORPORATION) 1,500 Reputation points Microsoft External Staff Moderator

2026-04-24T10:40:40.5533333+00:00
Hello @David Perry ,

I would like to share a few more thoughts, hoping they might help you decide what to do next:

1. About the Kernel Driver:

I don't think a custom kernel driver is strictly required. It seems that many remote control tools can achieve this using just normal Windows services (in user-space) without needing a driver.

2. Why your clicks might be blocked:

You mentioned that your service can see the UAC but cannot interact with it. This could be related to "Integrity Levels". The UAC prompt runs at a very high level called System Integrity.

I actually did a quick test with TeamViewer on a virtual machine using Sysinternals Process Explorer. I noticed that their background service creates a worker process on the user's active screen, and this worker process runs at the exact same System integrity level.

If your service creates a worker process on the Secure Desktop, but that worker only has Medium or High integrity, Windows security will likely drop your simulated mouse clicks (SendInput). You might need to look into duplicating the SYSTEM token so your worker process also runs at that exact System Integrity level.

3. Microsoft API documentation you might need:

If you want to try the token manipulation approach in C# (using P/Invoke) later, I suggest these official Microsoft documentations for the APIs that are usually required to make this work:

WTSGetActiveConsoleSessionId (To get the current user's session): https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-wtsgetactiveconsolesessionid

OpenProcessToken (To get your service's SYSTEM token): https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocesstoken

DuplicateTokenEx (To duplicate that SYSTEM token): https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetokenex

SetTokenInformation (To set the new session ID to the duplicated token): https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-settokeninformation

CreateProcessAsUser (To spawn your worker process using the duplicated token): https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessasuserw

I hope these suggestions and links point you in a helpful direction. Please let me know how it goes, or if you have any questions along the way.

Thank you.
David Perry 40 Reputation points

2026-04-25T15:14:59.6966667+00:00

Thank you Taki Ly, I never thought to use Sysinternals to watch TV and what it does :) I was considering disassembling it to see what functions they called (if you could even do that, last time I touched a disassembler was on my Commodore 64 LOL, so, who knows if you could even do that these days). But, the functions you showed up above, thank you! I'll read them over and see if I am missing anything.

I'm slowly edging closer to fixing whatever we are doing wrong. We originally had our service launch another system but could never get system to properly launch a user space program (the client). We finally got that working last night. Previously I always had to manually run the client.

Thank you for the tips and how TV spawns off it's process...

I'll update after some more testing. We decided to start testing on Win 10 20H2 instead of Win 11... so, right now, we're on 20H2 with no updates, once we get it working there, we'll update to the next version and keep going till we hit a wall and see where our code stops working.

But, even on 20H2... we JUST got our SYSTEM service to automatically launch the client in the user space.

We were doing something wrong with our tokens before. Today, I only have a couple of hours to program before I have to go to work... I'm going to separate the methods this time, one for launching system, one for launching the client...

Have a great day!
Taki Ly (WICLOUD CORPORATION) 1,500 Reputation points Microsoft External Staff Moderator

2026-04-28T08:19:33.3466667+00:00

Hi @David Perry ,

It is great to hear you made some solid progress.

Your testing strategy starting with a clean Windows 10 20H2 and updating incrementally is a very smart and practical approach. It will help pinpoint which Windows update introduces the changes that affect your code.

Take your time with restructuring your methods and testing. Please feel free to share your updates whenever you are ready.

Have a great day!
David Perry 40 Reputation points

2026-04-30T05:59:41.37+00:00

Hey there Taki Ly and RLWA32 - I want to thank you both for taking the time to guide me and try and help me. While I did make some decent progress it was 1 thing after another. The 740 error being the biggest problem however with the secure desktop and all the other problems I have encountered this project is hard to get working.

I never got the auto clicking working trying to use RLWA32's idea, but inspecting how TV ran did help us get further.

BUT, the more I dug into this project the harder I realized it would be. I have never written a Windows program before this month. And, this is quite the project. Even if we get this part of it working, there is still the support framework website and everything to go with it.

Since I have been away from programming so long, I need to sharpen my skills before I tackle something this difficult. For my first Windows program this is quite the challenge and I appreciate you both taking time out of your busy lives to help a stranger.

I appreciate it. I'm in the works to get my company registered and all the other complexities in starting a partnership with Microsoft.. is it just me being a novice or is the admin.microsoft.com and partner.microsoft.com and other .microsoft.com part of the website very confusing, and doesn't work very well. It's like the left hand doesn't know what the right hand is doing. Very confusing to navigate and lots of strange error messages that when you click them, take you to dead end pages. I am in contact with someone via email to help resolve all that confusion. It says "You must upload documents" and I go to upload documents and it's a blank page and says "no program found"! LOL! Very strangely designed website for a company that has so much talent it could source from to fix it up and make it nice and clean and straightforward. :)

So, for now, due to not getting my income tax done, and all sorts of other IT responsibilities I neglected in order to program this for a few weeks LOL, I let things slide that were supposed to come first before I started programming. I'm going to work on the framework first (websites etc) to sharpen my brain up a bit before tackling this huge task again. And in the meantime, study and make smaller Windows programs before jumping into the deep end.

I knew this was going to be difficult but, it was fun. I did learn a LOT, and you both gave me some extra insight into how Windows works, and I think you for those links to those commands used in the token situations.

Have a great day and thank you for your time and help! This old ancient programmer really appreciates it :)

I adore my 64... my Commodore 64... LOL! Ah, a much simpler time. :) LOL!

Well, I'll catch up... just need some immersion to teach this old brain some new tricks. :)

David Perry

Perry Computer Services (Canada)
Jack Dang (WICLOUD CORPORATION) 18,310 Reputation points Microsoft External Staff Moderator

2026-04-30T07:12:11.64+00:00

Hi @David Perry ,

Thanks for your honest feedback.

If Taki's answer and explanation were helpful to you so far, I would greatly appreciate it if you could follow the instructions here. In the future, if you have any update, feel free to open a new thread on this platform and we are happy to support you.
RLWA32 52,566 Reputation points

2026-04-30T08:18:56.37+00:00

@David Perry, Thanks for following-up with us.

The 740 error being the biggest problem however with the secure desktop...

In my experience error code 740 (The requested operation requires elevation) results when a process that is not running as a UiAccess application attempts to start a UiAccess application. I have seen such attempts fail even when the starting process (i.e., the one that called CreateProcess/CreateProcessAsUser) is running as an Administrator with elevated privileges or is running as SYSTEM. This makes the issuance of the 740 error code awfully confusing.

Apparently, only a process already running as a UiAccess process can successfully use CreateProcess/CreateProcessAsUser to start another UiAccess application.

I have managed to solve this problem so that a Windows service running in session 0 can start a UiAccess application on the secure desktop.

I will post some more about this shortly after I get a virtual machine fired up to demonstrate the solution.

I never got the auto clicking working trying to use RLWA32's idea

I'll also provide some more information about how to successfully use UIAutomation to dismiss the UAC consent dialog.
David Perry 40 Reputation points

2026-04-30T19:04:00.0933333+00:00

I would like to thank you both for the time you spent trying to narrow down my problem. Thanks to your help and suggestions (a bit from both of you) we do have our services running, launching other services but not a full blown remote control program - that will have to wait for the future when I have more time to program. My main job is IT, programming was always my passion, but, I have to pay the bills while I transition the company back to what I always wanted. I wish I could mark both of yours as answers because you both helped in different ways...

I don't want to hurt anyones feelings by accepting one answer over another... I'll see if I can mark both of your answers as answers but I have a feeling I can only do one. I'll upvote as many comments are possible for you both before accepting RLWA32's answer first and then I'll try Taki's answer if it lets me... the reason is, RLWA32's answer did push us more towards a solution... but, it's both of you... I feel bad not being able to accept both of you for your time helping me... Well, maybe it will let me. Sorry if it doesn't ...

I was able to use Taki's answer to use SysInternals to dig into TV and AD's behavior and get processes launching, also RLWA32's answer and code snippits to run things as SYSTEM and using UIAutomation to get the other path mostly working, but that led us to a partial solution that allowed some success.

Thank you both!!!
David Perry 40 Reputation points

2026-04-30T19:08:08.91+00:00

YAY! To the programmer that allowed up to 3 answers to be selected :) LOL! Have a great day everyone and thank you!

David Perry
RLWA32 52,566 Reputation points

2026-04-30T20:44:39.21+00:00

David, It was a pleasure to help you. Best of luck when you find the time to return to pursuing your development objectives.

Share via

proper requirements to test in house before buying an EV to interact with the secure desktop

0 additional answers

Your answer