Channel 9

Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

How To: Use Vista's UAC Feature To Avoid Always Requiring Admin Rights

Embed code for this video

Copy the code above to embed our video on your website/blog.

Close

Video format

Option selected may change based on video formats available and browser capability.

Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
  • If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

Windows Vista's UAC feature is designed to minimize security risks by running most applications under a standard user token, lessening the risk that an attacker could gain admin rights to the machine.  This is a great step forward for users, but it may leave developers wondering what to do when their apps do really need admin rights to complete a task.

Ian Griffiths to the rescue, with another screencast showing how to structure an app to enable certain admin tasks to run in an elevated context.

Be sure to also check out the UAC team's blog.

Tag:

Follow the Discussion

  • jmaznerjmazner
    Details on CoCreateInstanceAsAdmin and how to use the elevate moniker are here.  It boils down to this:

    Elevation:Administrator!new:{guid}
  • jmaznerjmazner
    Here's the snippet from the RGS files to register the COM component correctly for elevation:

    HKCR
    {
      NoRemove CLSID
     {
      ForceRemove {8E29BED3-2E02-49DC-A9B7-3A5984BCD95F} = s 'CanElevateWork Class'
      {
       ProgID = s 'CanElevate.CanElevateWork.1'
       VersionIndependentProgID = s 'CanElevate.CanElevateWork'
       ForceRemove 'Programmable'
       InprocServer32 = s '%MODULE%'
       {
        val ThreadingModel = s 'Apartment'
       }
       val AppID = s '%APPID%'
       'TypeLib' = s '{25CA48AF-1D18-4A9F-9749-7354C41CDCEC}'
       Elevation
       {
           val Enabled = d 1
       }
       val LocalizedString = s '@%MODULE%,-101'
      }
     }
    }


    HKCR
    {
     NoRemove AppID
     {
      '%APPID%' = s 'CanElevate'
      {
          val DllSurrogate = s ''
      }
      'CanElevate.DLL'
      {
       val AppID = s '%APPID%'
      }
     }
    }
  • larry_lailarry_lai
    Hi jmazner,

    Can we have your sample codes for reference?

    Thanks,
    Larry
  • djmitchelladjmitchella
     Not directly related to the content, but I'm wondering how you made that recording? The video has footage of the UAC desktop -- isn't that meant to be secure and inaccessible to normal applications like screen grabbers -- did you point a camera at your monitor, or is there some other way for apps to "see" that they're at the UAC desktop?

     I know you can try things like OpenInputDesktop(0,FALSE,0) and watch for failure to know if the secure desktop is up, but that's the opposite, that's _failing_ to get the desktop, not capturing images of it..
  • sintaxasnsintaxasn
    Hi Guys,
             I'm having a really tough time trying to implement the elevated COM method under VB.NET. I'm not an API guru, but need to be able to migrate some of my VB.NET utils for my company to use UAC.

    I've managed to create my own custom control which implements the Shield icon via a SendMessage API call, but the actual UAC part, I'm really stuck on.

    I've segmented out my Admin functions into COM classes, but am having a lot of difficulty figuring out how to use CoCreateAdminAsInstance through VB.NET.

    There doesn't seem to be any sample code available for VB.NET so any help in explaining this to me, or assisting in any way would be greatly appreciated!

    Thanks in advance, Dan.
  • eakeak

    The computer may restart when you add a manifest that has the Windows Vista extension to an .exe file or to a .dll file in Windows XP Service Pack 2 (SP2)

    http://support.microsoft.com/Default.aspx?kbid=921337


    Resolution 
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=463884&SiteID=1
  • robgarrettrobgarrett
    Check out this managed wrapper -:

    http://robgarrett.com/cs/blogs/software/archive/2007/02/12/net-wrapper-for-com-elevation.aspx

    Encapsulates all the hard stuff for non-C++ and non-COM developers.
  • VincentKaoVincentKao
    Hi jmazner,

    Could I have your sample codes for reference?

    Thank you,

    Vincent Kao
  • SugarDaddySugarDaddy
    Hello,

    That is an excellent video.  Your help is very much appreciated.  I noticed you have a video showing how to include the manifest with managed applications...

    When I launch a "requireAdministrator" .NET app, it gives the ugly "Allow/Cancel" prompt instead of the nice "Continue/Cancel" prompt -- the consent prompt.  But when I sign the file with an authenticode signature, it uses the consent prompt.  However, I don't know how to specify the application name like you do in this COM elevation demo.  Basically what I'm asking is how do you set the application / assembly name in a Managed app.  I've tried the <assemblyIdentity> element in the uac.manifest, but it seems to have no effect.  Any help?  Thanks.
  • JespJesp
    Hi jamazner,

       Can I have your sample code for reference ?
     
    Jesper Lin
  • IanGIanG IanG
    "I'm wondering how you made that recording? The video has footage of the UAC desktop -- isn't that meant to be secure and inaccessible to normal applications like screen grabbers -- did you point a camera at your monitor,"

    A bit late to be replying, but better late than never I suppose...

    The video capture was done by a 2nd PC with a video capture card whose input was wired into the VGA output of my laptop.

    So it was slightly higher tech than pointing a camera at the laptop, but it sort of has the same effect: it lets you grab exactly what's on screen, without falling foul of internal security barriers in the machine.


    Ian Griffiths

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

More posts in this blog

See More

Related posts

Creative Commons License

© 2013 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.