How To: Tell Vista's UAC What Privelege Level Your App Requires

Sign in to queue

Description

Windows Vista's UAC feature is designed to minimize security risks by running most applications under a standard user token, lessening the risk that an attacker could gain admin rights to the machine.  UAC allows executables to specify what privelege level they require -- if an app doesn't provide a specification, it will be run in the context of a standard user, but UAC will provide some virtualization features to make it appear as though certain admin tasks succeeded.

Ian Griffiths presents another screencast that covers the default virtualization behavior, and then shows how to write a UAC manifest to specify a desired privelege level, for both native win32 apps and managed .NET apps.

Be sure to also check out the UAC team's blog, as well as How To: Use Vista's UAC Feature To Avoid Always Requiring Admin Rights.

Here's an example of a manifest:

<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

Embed

Download

Download this episode

The Discussion

  • User profile image
    Mike Dimmick
    Note that you don't need to edit the project file to add a Win32 resource to a C# project. You can do this through the UI. Go to the Application tab in Project Properties, then under Resources, click the Resource File radio button. Enter the path to your .res file in the edit box or use the browse button to locate it.

    If you still want your application to have an icon, you need to include it in your .rc file. You'll want something like:

    1 ICON DISCARDABLE "myicon.ico"
  • User profile image
    BogeyMan
    The problem here is that if you have existing resoures (version info) it gets overwritten, so the resulting executable doesn't have the version info - at least that's what's happening to my app.
  • User profile image
    JohnEdward
    Is it not possible to write a manafest in VB6 (SP5).  Do I need to have VB.net?
    Expressionless
  • User profile image
    Moss

    The link to the video is broken, even when Silverlight is installed on your machine
     

Add Your 2 Cents