PDA

Click to See Complete Forum and Search --> : Forcing UAC dialog

netninja
March 25th, 2008, 02:20 PM
hello,
I would just like to know if anyone could please tell me how to force the appearance of the UAC permission dialog in Windows Vista. Usualy the dialog will appear if you right click any executable and click "Run as administrator" but when you just double click like normal it won't. My program needs to be running with administrator privilege, so if this privilege is not given I would like to be able to exit cleanly. I have written some code to detect whether the process is running with administrator privileges (detects both admin account token and admin process token) and it works well.

But I know out of instinct users tend to just double click to execute an executable rather than right clicking at all. I could tell them they need to right click and click "Run as administrator" but the message still might not get through and might confuse some users who are not using Vista where UAC does not apply.

I purposely wrote the code to detect an admin account token so that I can just exit out and print an error message before the UAC permission dialog is even shown. But I just need some way to make the UAC permission dialog appear even if the executable has just been double clicked.

Does anyone know how I can make it appear even when I don't explicitly run the program as administrator? thanks.
kirants
March 25th, 2008, 04:06 PM
http://msdn2.microsoft.com/en-us/library/bb756929.aspx
netninja
March 25th, 2008, 09:03 PM
Thanks kirants. but you don't suppose theres anyway I could do this programmatically? :/

my code checks for an admin account token. if there is no admin account token I want to print an error and exit. if there is an admin account, and an admin process token (my code also checks for this), execution will flow through like normal. if there is an admin account token, but no admin process token, my program should display the UAC admin permission prompt.

I add this to the project but it did nothing but generate a warning.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-
com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker|requireAdministrator|highestAvailable">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>



1>.\enviren.manifest : manifest authoring warning 81010003: Element "trustInfo" in an unrecognized namespace "urn:schemas-microsoft-
1> com:asm.v2".
CBasicNet
March 26th, 2008, 12:45 AM
Hey, you just copied the manifest blindly. level should be "requireAdministrator" and set the uiAccess accordingly to below.

Possible uiAccess values

False

The application does not need to drive input to the user interface of another window on the desktop. Applications that are not providing accessibility should set this flag to false. Applications that are required to drive input to other windows on the desktop (on-screen keyboard, for example) should set this value to true.

True

The application is allowed to bypass user interface control levels to drive input to higher privilege windows on the desktop. This setting should only be used for user interface Assistive Technology applications.


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-
com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="false">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>


I think the warning is alright. I also got 1 warning when embedding the manifest during linking.

Please read the link, kirants posted.
netninja
March 26th, 2008, 01:45 AM
Thanks CBasicNet but that didnt work neither.

checked the link again and found this one that seems to work :)


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="IsUserAdmin"
type="win32"/>
<description>Description of your application</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>