locked
Cannot get the UAC prompt for a control panel applet - what am I missing? RRS feed

  • General discussion

  • Hi, I am trying to get my control panel applet to run at an elevated privilege as it needs to perform privileged tasks, for example, start and stop a service and access files in \program files\...

    Here is what I do:

    1. compile using nmake, not visual studio.  i am using the tool chain from visual studio 2005.

    2. the result is, for example my_applet.dll

    3. I run this command to embed the manifest with the elevated privilege request:

    mt -manifest my_applet.dll.manifest -outputresource:my_applet.dll;2

    4. my manifest file looks like this and is 644 bytes, i.e., a multiple of 4 (some posts I read suggested it be a multiple of 4).

    <?xml version="1.0" encoding="utf-8"?>
    <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
          <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
            <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
          </requestedPrivileges>
        </security>
      </trustInfo>
    </asmv1:assembly>

    5. I rename the my_applet.dll to my_applet.cpl

    6. my install program puts my_applet.cpl in \windows\system32

    Post install, i open up control panel, and I see it.  If i double-click on it, nothing happens.  No prompt.  And it does not come up at all.  If I right-click and do "Run as..." it comes up fine.  Also, prior to embedding the manifest, i could bring up the applet, it just could not perform the privileged operations.

    What am I missing to get this to work?

    What are my alternatives?  The applet does consist of 3 tabs, can I make each tab require elevated privilege?  Do i have to get my dll signed?

    thank you


    • Moved by Kira Qian Monday, November 2, 2009 5:48 AM (From:Windows Forms General)
    • Moved by Michael Sun [MSFT]Microsoft employee Monday, November 2, 2009 8:24 AM security application development issue (From:Application Compatibility for Windows Development)
    Saturday, October 31, 2009 1:22 AM

All replies

  • Hi JCF5,


    Welcome to MSDN Forums!

    The forum here is mainly for application development compatibility issues for different versions of Windows.  The current issue is more related to application security development.  I will move this thread to Security for Applications in Microsoft Windows, http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/threads, for better response. 
     

    Have a nice day!

     

     

    Best Regards,
    Lingzhi Sun


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Monday, November 2, 2009 8:23 AM
  • A little more research indicates the only way to accomplish this is to have a CPL applet 'shell' that starts the real applet in elevated mode, i.e., something like this:

    CreateProcess("RunLegacyCPLElevated SHELL32.DLL,Control_RunDLL YourCPLApplet.cpl")

    in the 'shell' DLL.

    apparently, manifest files appear to be totally ignored by the control panel if elevated privilege is requested.

    Does anyone have a BETTER way?

    Will this work?

    Monday, November 2, 2009 9:52 PM