I am developing an app in Visual Studio 2013 on Windows 7 x64 that requires administrator privileges but it appears my manifest is being ignored:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel node will disable file and registry virtualization.
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of all Windows versions that this application is designed to work with.
Windows will automatically select the most compatible environment.-->
<!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node-->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>-->
<!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node-->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>-->
<!-- If your application is designed to work with Windows 8.1, uncomment the following supportedOS node-->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>-->
</application>
</compatibility>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</asmv1:assembly>
To test my theory, I put in some invalid text to see if the parser would crash, but nothing happened. I have tried building as Any CPU, x86, and x64 with the same result. What am I doing wrong?
If you like me removed the manifest and restored it back via source control, your app has likely selected the default-settings-manifest and will ignore all further changes to your custom app.manifest file.
To resolve the problem:
Right click your project
Click properties
Find the Icons and Manifest section
Specify the app.manifest in the drop-down
Save changes
Related
I write a flutter windows app, I want to launch a golang service when flutter app start on windows, and how run flutter app on windows with admininstrator rights?
setting CmakeLists.txt in runner directory with below:
SET_TARGET_PROPERTIES(${BINARY_NAME} PROPERTIES LINK_FLAGS "/MANIFESTUAC:\"level='requireAdministrator' uiAccess='false'\" /SUBSYSTEM:WINDOWS")
I set the trustInfo security in runner.exe.mainifest file to get administator rights.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>
</windowsSettings>
</application>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
</application>
</compatibility>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
There are same errors when link;
Launching lib\main.dart on Windows in debug mode...
Building Windows application...
LINK : fatal error LNK1327: run mt.exe Error during [D:\hosec\IPSec VPN Client\Windows\ipsec-windows-client-front\build\windows\runner\ipsec_windows_client_front.vcxproj]
Exception: Build process failed.
I think there are two ways to get administrator rights, one is setting in manifest like above description, the other is setting in CmakeLists.txt,
SET_TARGET_PROPERTIES(PROPERTIES LINK_FLAGS \
"/MANIFESTUAC:\"level='requireAdministrator' uiAccess='false'\" \
/SUBSYSTEM:WINDOWS")
But the second way does not get the administrator rights when launching
a flutter windows app.
According to Microsoft's documentation, .local redirection is disabled when the application has a manifest. But I observed that even if the EXE file has an embedded manifest, if there's a folder <exe name>.exe.local in the application directory, the redirection is still applied.
For example, here is the embedded manifest for foo.exe:
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />
</dependentAssembly>
</dependency>
</assembly>
If I place a folder foo.exe.local in the application directory, then Windows tries to load comctl32.dll from foo.exe.local\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.437_none_05b63dca071e5dd6\comctl32.dll, rather than the one under C:\Windows\WinSxS.
I tested this on Windows 10 x64 version 10.0.17763.437, and on Windows 7 x86 with latest patches.
So why is .local redirection still followed? How do I change the manifest to disable .local completely?
I have observed the same behavior as well. I would love to know if anyone knows how to disable Windows .local ("dotLocal") redirection - I believe this is a side effect of WinSxS side-by-side loading.
I have tested on Windows 10 x64, version 10.0.17763.503.
Note that I have discovered I can use an undocumented "loadFrom" feature of the manifest to force COMCTL32.DLL to load from the \Windows\System32 directory. However, this only works if the executable does not require Visual Styles and can use COMCTL32 version 5.x.
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<file name="comctl32.dll" loadFrom="%SystemRoot%\System32\" />
</assembly>
I have a problem with the installation of the service.
I do it by default shortcut and a postscript or /install /uninstall depending on the need . Unfortunately, the program generates an error to stop the action .
Amazingly installation work properly on older environments.
Is there any other way to install the service?
The installation worked on older environments when UAC is turned off (which is a bad thing to do), you always need to run your installation program/script with elevated privileges (it has been like this since Windows Vista).
You can include a manifest so that your application/service requires elevation when executing with /install parameter.
To include a manifest, you need to create an xml file called manifest.xml with following contents:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="YourApplication.exe" type="*" />
<description>elevate execution level</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" />
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*" />
</dependentAssembly>
</dependency>
</assembly>
Then create a file called manifest.rc with following content:
1 24 "Manifest.xml"
In modern Delphi versions, you can just include the rc file in the project via the project manager and Delphi will automatically include it as a resource. In older Delphi versions you need to manually compile the .rc file with brcc compiler to produce the .res file.
Have you try to run as administrator? Maybe it is a permission problem.
In modern Delphi versions : no need .rc
Go to Menu :
Project > Options > Application > Manifest File :
- AutoGenerate
- RequireAdminstrator
Best regards.
I have a C++ Builder/Delphi application. It has the following manifest embedded as a resource:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity type="win32"
processorArchitecture="*"
version="1.0.0.0"
name="Manufacturer.Division.MyName" />
<description>MyName</description>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*" />
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" /> <!-- Win Vista and Win Serv 2008 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" /> <!-- Win 7 and Win Serv 2008 R2 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" /> <!-- Win 8 and Win Serv 2012 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" /> <!-- Win 8.1 and Win Serv 2012 R2 -->
</application>
</compatibility>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">True/PM</dpiAware>
</windowsSettings>
</application>
</assembly>
The software does not utilize registry HKLM - only HKCU, and it reads/writes to %LocalAppData%. It does not require administrative privileges.
The requestedExecutionLevel is set to asInvoker as seen from above XML manifest so it should not show shield icon.
On some desktops the shield icon does not appear and on some it does - other programs do not show shield icon on the same desktop. What is possibly causing shield icon (and the annoying UAC prompt) for my application?
On all systems - the user type is Administrator and UAC is set to default level (on Windows 7 and 8) - so I really see no cause of shield to be shown only on some and not on all desktops.
What is different on these systems where the shield icon appears compared to the ones where shield icon is not present?
The executable file has compatibility options set to force the application to execute as administrator.
My last question "List service and services status under Win-7" made me start working on a solution that gives my app the admin privileges under Windows Vista onward based on a .manifest file.
I was not sure about continue the previous question with this matter since they are not the same so here is another question:
My app now works fine under Win 7 whether or not I run it "as admin" because of the manifest file.
My manifest file is as follow:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.6.0.5" processorArchitecture="X86" name="ServiceMonitorPro" type="win32"/>
<description publisher="Powershield Ltd" product="Powershield Service Monitor">Powershield Service Monitor</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
When the application runs on windows 7 or Vista, the UAC comes with a dialog like this:
alt text http://www.freeimagehosting.net/uploads/39787fd3dd.jpg
How can I replace the "unknow" publisher?
The other and bigest problem is, even thou the app runs with no problem under Win7 or Vista, under WinXP it is now crashing with the message:
"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."
Another thing I would like to add: If
I add reference (uses clause) to XPMan
the app works fine on WinXP but then
it my .manifest file makes no
diference under Vista or Win7.
I have to thank everyone that, with comments or answers point me to keep digging... :)
I went to search for the file WindowsXP.res.
The content of that file is:
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="DelphiApplication"
version="1.0.0.0"
processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
</assembly>
The solution: I have mixed my .manifest file with the WindowsXP.Res xml one adding the dependency section.
If anyone know why its now working, I would be glad to hear about - but this was the solution here - tested so far in a couple of virtual machines, on my computer and a couple of others... working :)
You need to sign your code with a code signing certificate. There should be lots of examples here. I have re-tagged your question with "code-signing", and you can also look for "certificate".
I use Comodo certs myself, and sign them with the awesome, wonderful, Visual Build Pro v6, which is an advertiser here on SO.
You can indicate compatibility with various versions of Windows in your manifest as well. I know that there are entries for compatibility with Vista and Win7; not sure about XP.
Info about the manifest compatibility section is available at MSDN. This may help, also - from the linked page:
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
</application>
</compatibility>
On newer versions of Delphi (7 and above I think) you also need to also be sure to uncheck the "Use Runtime Themes" option in your project options dialog, otherwise Delphi will automatically link in its own default manifest file (that's how it enables the "theme support") and you will get a runtime error about the application's configuration being incorrect, because there will be conflicting entries.
Here's a complete manifest file for a Delphi2007 app which needs to run in adminstrator mode in Windows 7, and also includes the "dependency" section to enable runtime theme support:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="CodeGear RAD Studio"
version="11.0.2902.10471"
processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>