I created an application in Excel VBA that needs to run a batch file out of script and I was wondering how I can elevate all the processes that the process creates. Please I need to know how to elevate processes?
If you have an EXE, you can embed a manifest it that will make it require adminrights on Windows 7/Vista.
Edit: The entire that does this manifest would be:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="highestAvailable" uiAccess="False" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Related
I write a flutter windows app, I want to launch a golang service when flutter app start on windows, and how run flutter app on windows with admininstrator rights?
setting CmakeLists.txt in runner directory with below:
SET_TARGET_PROPERTIES(${BINARY_NAME} PROPERTIES LINK_FLAGS "/MANIFESTUAC:\"level='requireAdministrator' uiAccess='false'\" /SUBSYSTEM:WINDOWS")
I set the trustInfo security in runner.exe.mainifest file to get administator rights.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>
</windowsSettings>
</application>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
</application>
</compatibility>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
There are same errors when link;
Launching lib\main.dart on Windows in debug mode...
Building Windows application...
LINK : fatal error LNK1327: run mt.exe Error during [D:\hosec\IPSec VPN Client\Windows\ipsec-windows-client-front\build\windows\runner\ipsec_windows_client_front.vcxproj]
Exception: Build process failed.
I think there are two ways to get administrator rights, one is setting in manifest like above description, the other is setting in CmakeLists.txt,
SET_TARGET_PROPERTIES(PROPERTIES LINK_FLAGS \
"/MANIFESTUAC:\"level='requireAdministrator' uiAccess='false'\" \
/SUBSYSTEM:WINDOWS")
But the second way does not get the administrator rights when launching
a flutter windows app.
According to Microsoft's documentation, .local redirection is disabled when the application has a manifest. But I observed that even if the EXE file has an embedded manifest, if there's a folder <exe name>.exe.local in the application directory, the redirection is still applied.
For example, here is the embedded manifest for foo.exe:
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />
</dependentAssembly>
</dependency>
</assembly>
If I place a folder foo.exe.local in the application directory, then Windows tries to load comctl32.dll from foo.exe.local\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.437_none_05b63dca071e5dd6\comctl32.dll, rather than the one under C:\Windows\WinSxS.
I tested this on Windows 10 x64 version 10.0.17763.437, and on Windows 7 x86 with latest patches.
So why is .local redirection still followed? How do I change the manifest to disable .local completely?
I have observed the same behavior as well. I would love to know if anyone knows how to disable Windows .local ("dotLocal") redirection - I believe this is a side effect of WinSxS side-by-side loading.
I have tested on Windows 10 x64, version 10.0.17763.503.
Note that I have discovered I can use an undocumented "loadFrom" feature of the manifest to force COMCTL32.DLL to load from the \Windows\System32 directory. However, this only works if the executable does not require Visual Styles and can use COMCTL32 version 5.x.
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<file name="comctl32.dll" loadFrom="%SystemRoot%\System32\" />
</assembly>
I have build a simple win32, 32 bits software that:
is really simple: one windows, two buttons,
does not need any external exotic library (the ideal is to run under any Windows computer).
This program works fine on xp and 7, but on Vista, the program requires to be running in administrator mode.
How can I tell Vista to run this program "normally"? I tried to edit properties, but nothing things strange. I don't know what requires the program to be launched as admin.
On Vista, this problem comes from the executable name: something_updater.exe.
Some solutions exist to correct the problem, choose one:
With a manifest file:
Add in the program folder some something_updater.exe.manifest file containing:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
name="something_updater.exe"
type="win32"
/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
At link time:
Add the following option to linker when building the executable:
/MANIFESTUAC:level=asInvoker /MANIFESTUAC:uiAccess=false
Change the program name, with some name not containing update nor setup.
I have created a manifest file for a VB6 application that is running on Windows 7 (not for any visual style changes, just to make sure it accesses the common registry and not a virtualised one)
The exe name is Capadm40.exe, the manifest is named Capadm40.exe.manifest and contains the following:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="CompanyName.Capadm40"
type="win32"/>
<description>Administers the System</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
However, this doesn't seem to make any difference. ie the application is still using the virtualised registry hive. What is also strange is the after I unticked the 'Run this program as an administrator' option in the properties of the application exe, windows still shows a shield on the application icon, leading my to think this is some issue with my windows installation rather than a fault with the manifest. Any ideas?
You're probably running afoul of the fusion cache (and the Explorer Shell's icon cache). External manifests are strongly discouraged anyway, but trying to add one after the program has previously been run often leads to such symptoms.
See Manifest and the fusion cache for a brief description.
You could also touch the EXE to reload the cache.
I would take advantage of LaVolpe's manifest creator, works great for XP, Vista and 7: http://www.vbforums.com/showthread.php?t=606736
I have only found one manifest that works across all platforms 9x+. or even works at all. I have tried all the examples, articles, etc.
the version number or anything else added to it will kill it. possible exception is the extra parameter on requestedExecutionLevel, that seems to be OK. you can change level, and you can add uiAccess. those are allowable. after a LOT of binary-count testing, I found out that those cute extra features of manifests that microsoft offers simply make windows give various errors.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
Applying the styles in the VB6 IDE:
Save this text in a file named vb6.exe.manifest in the same folder as the vb6.exe:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="Microsoft.VisualBasic.IDE"
type="win32"
/>
<description>Visual Basic 6 IDE</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
Add spaces in the file end until it reaches 672 bytes (multiple of 4).
Then:
download the Resource Hacker and open it as administrator
File > open the VB6.exe
File > New blank script
type:
1 24 "vb6.exe.manifest"
Compile script
Save
I have the following manifest embedded in a VB6 application.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="ExeName"
type="win32"/>
<description>elevate execution level</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
On 32bit Server 2008 machines the file correctly appears with a "Admin Shield" icon overlay and can only be run as administrator. On 64bit Server 2008 the same file does not have the icon overlay and can be run normally.
I have tried changing the processorArchitecture="X86" to both "*" and "ia64" and also removing the manifest from the compiled application and having it as a external manifest, all to no avail.
Any thoughts gratefully recieved.
Have you tried embedding your manifest as this post suggest?
http://www.xtremevbtalk.com/showthread.php?t=308937
Answer is near the bottom of the post with a link to:
http://blogs.msdn.com/vistacompatteam/archive/2006/11/13/manifest-and-the-fusion-cache.aspx
Because your processorArchitecture attribute indicates that it is a 32bit machine.