Problems with uiAccess = true
[...]
I have tried to search your problem in Microsoft's internal database. I
found that the error message "A referral was returned from the server"
corresponds to: ERROR_DS_REFERRAL.
Further discussion shows that ShellExecute
API will call the
AIS(Application Information Service) to elevate the launched application.
However, if you have set policy "User Account Control: Only elevate
executables that are signed and validated" to enabled in secplo.msc, AIS
will try to contact the certificate/signing subsystem. to validate your
Exetable. If the validation fails, the AIS retruns ERROR_DS_REFERRAL to the
ShellExecute, which is finally reported to the end user. Yes, this error
message is not informative now, the Vista security team filed an internal
bug to discuss this and may catalog and translate all of those error codes
into ERROR_ACCESS_DENIED_BY_POLICY in the future.
To verify if your problem is caused by the AIS validation failure, you may
try to disable "Local Policies"->"Security Options"->"User Account Control:
Only elevate executables that are signed and validated" in secplo.msc.
Note: it is disabled by default in my Vista machine.
If you still can not address this problem, is it possible for you to create
a little sample project for me to reproduce this problem? Then I may give
it a troubleshoot. Additionally, to isolate this problem better, I
recommend you use pure
Win32 unmanaged to write a this sample.
Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support