UAC: All Information Developers need about the User Account Control (UAC)

    General discussion

  • Hi and welcome.

    Since so many users are always asking about UAC and have a lot of different questions, I decided to share information and knowledge from my own experience.

    User Account Control (UAC) is a new security feature in Windows Vista™. This new security technology is used for malware execution prevention.

    UAC can also cause trouble: yes, UAC will cause so-called trouble for normal PC users who do NOT understand how to use the UAC technology.

    As a developer I want to make my application UAC aware: well, this isn’t easy to do if you are a beginner in Microsoft® Development and in developing “Windows applications”. However, what’s great is that I will guide you through and give all the information you might need.


    Consent prompt
    Figure A: UAC credential prompt dialog.

    Give my application full rights at launch: by changing the requestedExecutionLevel to “requireAdministrator”, your application (*.exe) will be decorated with a shield icon (see picture below) and run through UAC elevation.



    <?xml version="1.0" encoding="utf-8"?>
    <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
          <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
          </requestedPrivileges>
          <applicationRequestMinimum>
            <PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true" ID="Custom" SameSite="site" />
            <defaultAssemblyRequest permissionSetReference="Custom" />
          </applicationRequestMinimum>
        </security>
      </trustInfo>
    </asmv1:assembly>


    More details:

    <!-- UAC Manifest Options
         If you want to change the Windows User Account Control level replace the
         requestedExecutionLevel node with one of the following.

            <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
            <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
            <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

         If you want to utilize File and Registry Virtualization for backward
         compatibility then delete the requestedExecutionLevel node.
    -->


    To execute another process through UAC elevation: you use the ProcessStartInfo class; you also enable UseShellExecute and add “runas” for Verb:

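    // Requires: using System; using System.Diagnostics; using System.Windows.Forms;
    try
    {
        ProcessStartInfo proc = new ProcessStartInfo();
        proc.UseShellExecute = true;   // "runas" is only honoured when the shell starts the process
        proc.WorkingDirectory = @"C:\Windows\System32\";
        proc.FileName = @"C:\Windows\System32\cmd.exe";
        proc.Verb = "runas";           // ask the shell to elevate, which shows the UAC prompt

        Process.Start(proc);
    }
    catch (Exception ex)
    {
        // Also reached when the user declines the UAC prompt.
        MessageBox.Show(ex.Message);
    }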


    I want to add the nice UAC shield icon to my button: this we can easily do by using the API found in User32.dll:



    // Requires: using System; using System.Runtime.InteropServices;
    [DllImport("user32")]
    public static extern IntPtr SendMessage
        (IntPtr hWnd, UInt32 msg, IntPtr wParam, IntPtr lParam); // IntPtr keeps wParam/lParam pointer-sized on 64-bit

    internal const int Normal = 0x1600; // Normal button.
    internal const int Shield = 0x160C; // UAC shield will be added to the button.



    Important Note: The APIs to decorate a button are the same in Windows® 7 as in Windows Vista™. To launch your app with full permission, as always, edit the app.manifest; the same settings apply for Windows® 7.

    Additional information:


    Have a nice day…

    Best regards,
    Fisnik




    Coder24.com
    Friday, August 14, 2009 12:03 PM
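
    An added example, not part of the original post: one way to combine the "runas" launch and the shield decoration described above while keeping the main application at asInvoker, so that only the one operation that needs administrator rights is elevated. The class name UacHelper and its method names are hypothetical; the Windows and .NET calls are the same ones the post uses, plus WindowsPrincipal and Win32Exception.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Windows.Forms;

// Hypothetical helper class (added example, not the poster's code).
static class UacHelper
{
    const uint BCM_SETSHIELD = 0x160C;  // same value as "Shield" in the post
    const int ERROR_CANCELLED = 1223;   // the user dismissed the UAC prompt

    [DllImport("user32")]
    static extern IntPtr SendMessage(IntPtr hWnd, uint msg, IntPtr wParam, IntPtr lParam);

    // True when the current process token is already elevated.
    public static bool IsElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Show the shield only when clicking the button will trigger a prompt.
    public static void MarkAsElevating(Button button)
    {
        if (IsElevated()) return;
        button.FlatStyle = FlatStyle.System;  // the shield is drawn only on system-style buttons
        SendMessage(button.Handle, BCM_SETSHIELD, IntPtr.Zero, new IntPtr(1));
    }

    // Start exePath elevated; returns false if the user declined the prompt.
    public static bool TryStartElevated(string exePath, string arguments)
    {
        ProcessStartInfo psi = new ProcessStartInfo(exePath, arguments);
        psi.UseShellExecute = true;  // the "runas" verb is honoured only via the shell
        psi.Verb = "runas";
        try
        {
            Process p = Process.Start(psi);
            if (p != null) p.Dispose();
            return true;
        }
        catch (Win32Exception ex)
        {
            if (ex.NativeErrorCode == ERROR_CANCELLED) return false;  // declined, not a failure
            throw;  // anything else is a real error
        }
    }
}
```

    Treating ERROR_CANCELLED as a normal outcome lets the caller leave the privileged action undone instead of showing an error dialog when the user declines the prompt.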

All replies