for my current project in windows, I have decided to use administrative rights on execution time. I don't want the user to do right click and "run as administrator", but instead that on launch, the app run as administrator without using the trick of the shortcut.
the Exe produced by the building produces an exe file that does not run under administrative rights. There is a way to force TideSDK to build an exe with Administrative Rights on execution?
Thanks.
Clue : I had seen the python code that builds the exe project, but seems there is no flag to build the exe code with adminstrative rights:
C:\Program Files (x86)\TideSDK Developer\Resources\modules\packaging\js\packaging.js
C:\ProgramData\TideSDK\sdk\win32\1.3.1-beta\tidebuilder.py
A good middleware independent way of doing this is by adding a manifest into the Exe. Ive had success in doing this for PyInstaller, etc
Download: http://www.angusj.com/resourcehacker/
then add or modify manifest.
<!-- Identify the application security requirements. -->
<!-- level can be "asInvoker", "highestAvailable", or "requireAdministrator" -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
Related
I use Inno Setup to generate the App installer. It succesfully installs the app, but I only can run it as Administrator. Since I don't want the user to right click the exe file and choose "Run as Administrator", I wonder if there is any simple way to grant admin privileges to the app itself, or conversly, grant those privileges by code.
Thanks.
I wonder if there is any simple way to grant admin privileges to the app itself
You need to provide a UAC manifest for your app that has its requestedExecutionLevel value set to requireAdministrator.
Create a text file with a .manifest file extension, and put the following XML in it:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="MyAppAssemblyNameHere" type="win32"/>
<description>My App Description</description>
<!-- uncomment this to enable ComCtl v6 Visual Styles...
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/>
</dependentAssembly>
</dependency>
-->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Create a text file with a .rc file extension, and have it reference the .manifest file:
1 24 "myapp.manifest"
Compile the .rc file into a .res file using the command-line brcc32.exe utility.
brcc32 myapp.rc
In your project, go to Project > Options > Application and uncheck the "Enable runtime themes" checkbox. This disables Delphi's default manifest, which only enables ComCtl v6 Visual Styles (which is why you need to enable styles manually in a custom manifest).
Now add the compiled .res file to your project, and build.
or conversly, grant those privileges by code.
Not directly, no. UAC elevation only happens at process startup. Once a process has started running, it cannot be elevated dynamically. However, what you CAN do is either:
call ShellExecute/Ex() with the "runas" verb to launch another copy of your app with an extra command-line parameter (or a separate .exe) to run your administrative logic as needed. "runas" will elevate that process, even if it does not have a UAC manifest. If your main app needs to wait for the admin process to finish, it can specify the SEE_MASK_NOCLOSEPROCESS flag to ShellExecuteEx() and then use WaitForSingleObject() or related function to wait on the returned HANDLE, which will be signaled when the launched process exits.
move your administrative logic into a COM object that your main .exe can instantiate in an elevated state using the COM Elevation Moniker when needed.
This way, your main .exe does not need to use a requireAdministrator manifest, which you should always strive to avoid unless you REALLY need the entire app to run with admin rights.
OS: Windows 7 Professional 64 bit
My Arduino IDE fails to open unless I "Run as administrator". If I don't,It will just show the loading screen:
but will not actually open up the IDE. I have been searching for ways that I could bypass this just for arduino.exe and have found that this could be done with Windows Application Compatibility toolkit as outlined here.
When I get to the test run part after checking runasinvoker as shown here:
(source: meridian.ws)
Arduino started with no issues. But after I follow the rest of the steps and install the fix, my Arduino IDE program still has the same problem. If I do not run it as administrator, it will just show the loading splash screen and not the IDE part.
Please help! Thanks!
If this program does not support running as a standard user, you will not be able to fix that. The developers of the application need to fix it so that it runs correctly as a standard user.
People are confused by the UAC. Try running the same application on Windows XP.
It's possible that File and Registry Redirection is causing an issue, but i doubt it. You can disable File and Registry Redirection by adding an assembly manifest that includes the runas invoker section:
Arduino.exe.manifest:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="client"
type="win32"
/>
<description>Don't Arguino With Me</description>
<!-- Disable Windows Vista UAC compatability heuristics -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
and place arduino.exe.manifest in the same folder as arduino.exe.
Note: Windows will only read an external assembly manifest file if there isn't already an assembly manifest resource inside the application. I doubt there already is one.
Best guess: this application must be run as an administrator, and that's the end of it (until they fix it)
I'm trying to get a VB app (my.exe) to run as Administrator on Windows 7. So I'm using a Manifest (below) to do that. But when I run it (and immediately exit the My.exe) I get the Program Compatibility Assistant warning:
"This program might not have installed correctly"
Of course, I am not doing any installing.
If I set the EXE to Run As Administrator (by right-clicking My.exe ) then I do not get this warning (with or without the manifest present)
or
If I remove the manifest file (and set exe to run as admin or do not do that) I do not get the warning.
Any ideas why this is happening and how to NOT get this warning using the Manifest?
MANIFEST
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<!-- Make My Manifest 0.7.300 -->
<assemblyIdentity name="Bungalow.Software,.Inc..CDCodes" processorArchitecture="X86" type="win32" version="10.0.0.16" />
<description>Internal BSW program to generation installation and actvation codes</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<**requestedExecutionLevel level="requireAdministrator" uiAccess="false"** />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Try adding a compatibility section in your manifest.
Your manifest says "I am an admin app; I change this computer" but when it has finished running, the registry is unchanged, program files is unchanged, etc. So Windows wonders to itself -is everything ok? And then it asks you.
How Do I deploy applications so that they require administrator rights without the end-user doing that by hand?
I use Delphi 2009 to build the application.
You can inform Windows that your application needs to run as an administrator by using the requestedExecutionLevel element in your application manifest.
The manifest file is an XML file that looks as follows. It should be named YourApp.exe.manifest and placed in the same folder as the executable. (It can also be embedded in the resources of your application; it must have a resource type of RT_MANIFEST and an ID of 1.)
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="YourApp" type="win32"/>
<description>Description of your application</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
For further details on application manifests and how to create them, see Create and Embed an Application Manifest (UAC) at MSDN.
Note that the manifest is only respected by Windows Vista and later. If your user is running as a standard user on Windows XP, your application will not be launched as an administrator; you may need to write code to detect this if it will be a problem for your application.
Another option, although not recommended for "every day applications", is to name your executable with "Install" or "Setup" as part of the name. Keep in mind that if you don't change any registry settings, or create any new files then windows will display a warning to the user that the program might not have run properly.
I would like my program to update itself (downloading a new exe and/or some other files from ftp) and I used the recipe in the accepted answer to this question.
Recap:
Rename running program to old-mp.exe
Download the update as mp.exe directly
Restart the program
This works great for windows XP. On vista there is a problem, as the user must run the program as administrator for this to work. Rightclicking and selecting "Run as administrator" might be over my users heads... Does anyone know a way around this? I like the simple update method very much.
The simple option is to include a manifest that specifies that the application needs administrator rights. Then Vista will automatically prompt for the rights elevation. The manifest should look something like this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="ApplicationName" type="win32"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
You can use the mt.exe tool to add it to an existing application.
Alternatively you can restart the program with administrative rights just before the actual update. That way the user won't need to run with administrative rights always - just when updating.