none
UIAccess in Manifest Files

    Question

  • I was trying to add a <requestedPrivileges> to a manifest file. Setting uiAccess = false works fine for my application. The documentation says that setting UIAccess = true, the application does not need to drive input to the UI of another window on the desktop. Applications that are not providing accessibility should set this flag to false. Applications that are required to drive input to other windows on the desktop (on-screen keyboard, for example) should set this value to true.

    Inspite of setting UIAccess = false, I am able to use SendMessage() and PostMessage() API's ( I tried closing other windows using these API's). So I am really not sure what previleges am I missing by setting UIAccess = false ? What does UIAccess = true actually mean ?


    Thanks in advance
    Kumar


    Friday, February 02, 2007 6:15 AM

All replies

  • 
    I was trying to add a <requestedPrivileges> to a manifest file. Setting uiAccess = false works fine for my application. The documentation says that setting UIAccess = true, the application does not need to drive input to the UI of another window on the desktop. Applications that are not providing accessibility should set this flag to false. Applications that are required to drive input to other windows on the desktop (on-screen keyboard, for example) should set this value to true.

    Inspite of setting UIAccess = false, I am able to use SendMessage() and PostMessage() API's ( I tried closing other windows using these API's). So I am really not sure what previleges am I missing by setting UIAccess = false ? What does UIAccess = true actually mean ?


    Thanks in advance
    Kumar



    Are you sure the receiving application got the message posted or send to it? Nothing stops the sending application to call Post/SendMessage but the actual message will be delivered or not depending on uiAccess.
     
    Willy.
     
    Friday, February 02, 2007 4:06 PM
  • This is what I learned so far:

    Applications running at normal privilege levels are NOT allowed to communicate with (i.e.; send messages to) applications running at higher privilege levels (e.g. the SendMessage API reports success but your message never reaches the target application running at a higher privilege).

    If your application needs to send messages to all applications, regardless of their privilege level:

    1 - The uiAccess flag MUST be set to True in your application's manifest.

    2 - Your code MUST be digitally signed (which means you must pay MS for a digital certificate).

    3 - Your application MUST reside in a trusted location (e.g.; Program Files), otherwise the uiAccess flag is ignored (so much for the user choosing where to place your application on THEIR hard drive).

    Regardless of the state of the uiAccess flag, your application will always be able to send messages/drive input to windows of applications running at privilege levels equal to or less than your own privilege level.

    Another piece of information in case you are having trouble putting a manifest in your executable (i.e.; the application fails to run with Windows complaining that it failed to initialize properly or something): the size of your manifest must be an exact multiple of 4 (i.e. if it is 253 bytes/characters, then you must pad the end of the manifest text with three spaces).

    Friday, February 02, 2007 5:29 PM
  • I have written several applications that uses either Journal Playback, or Journal Record, or both.

    Over the last 20(?) years, I have spent a lot of time working on this code.  I have a set of reusable classes that are used in these applications.  I started with what I learned from "Advanced Windows" by Jeffery Richter, and I bought that book shortly after it came out, so that should provide a rough estimate of how long ago I started writing these application.  I worked on one of the applications just recently.

    Now that I no longer run Windows XP, my previous effort is wasted and a large amount of code written over decades is useless to me.  (I have a Windows Media Center Edition computer in the basement that can still run the code, but my newer faster systems run Windows Vista and Windows 7 - the older system is on it's last legs).

    Deprecating a feature and requiring privileges is one thing.  Deprecating a feature and requiring that I pay Microsoft money to get my application certified and also requiring purchasing a digital certificate is troubling.  I can't afford to pay to get my code working.  Microsoft certification is very expensive.  This is very troubling.  I hope there is some way to work around this so I can run my own code on my own system, otherwise a lot of my time and effort will have gone to waste.

    Thursday, January 26, 2012 4:55 PM
  • Actually you can use makecert to create your own certificate, and then add the cert to your trusted certificate store to run the code on your own machine. More on how to do that here-

    http://social.msdn.microsoft.com/Forums/en-US/windowsgeneraldevelopmentissues/thread/350ceab8-436b-4ef1-8512-3fee4b470c0a

    Additionally, I don't think the code signing cert has to be from Microsoft, but can be purchased from any digital certificate authority (like Verisign, Entrust, DigiCert, etc.).

    I hope that gets you what you need to get your code working without any further investment.

    -Westley

    Wednesday, July 18, 2012 6:14 PM