locked
How can I extend requestedExecutionLevel to a launched Java application? RRS feed

  • Question

  •  

    Hi,

    I have an installer (MyInstaller.exe) that is generated by QT targeting Windows platforms.  It installs a Java application in a Jar file and launches it as the last step in the installation process.  Unfortunately, when it is launched by the installer, the drag and drop does not work  on Vista and Windows 7.  I created a manifest and set the requestedExecutionLevel to either highestAvailable or requireAdministrator and used mt.exe to update MyInstaller.  Then I used mt.exe to extract the manifest to verify it took and the extracted manifest looked just like my manifest.

    Yet the application still does not accept a drag and drop when launched from the installer.  If I launch it from the start menu or desktop shortcuts, the drag and drop work great.

    How can I extend the execution level to a launched program?

    Is there another way to accomplish what I need to do?  (maybe wrap it in another executable?)

    Thank you.

    Monday, September 27, 2010 7:50 PM

All replies

  • Can you change the installer to let it run a launcher app (e.g. launch4j) instead of jar?

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Monday, September 27, 2010 11:35 PM
  • I am in the process of trying to do this and I will report on my success.
    Tuesday, September 28, 2010 4:43 PM
  • After finally wrapping my jar into an exe using launch4j, I get the same behavior.  The application does not allow drag n drop when launched by the installer, but does when launched by the installed shortcut.

    Dang.

    Wednesday, September 29, 2010 9:34 PM
  • To do drag/drop your two processes needs to be running at the same integrity level. Did you modify launch4j's application manifest to always require running as administrator just like the installer does when installing for all users?

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Wednesday, September 29, 2010 10:24 PM
  • The extracted manifest of the exe I created (using mt.exe) is shown below:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
       <asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
         <asmv3:security>
           <asmv3:requestedPrivileges>
             <asmv3:requestedExecutionLevel level="requireAdministrator" uiAccess="false"></asmv3:requestedExecutionLevel>
           </asmv3:requestedPrivileges>
         </asmv3:security>
       </asmv3:trustInfo>
    </assembly>

    Note the requestedExecutionLevel is set to requireAdministrator.

     

    Wednesday, September 29, 2010 11:31 PM
  • Did you check the integrity level if your processes?

    If you can't get them to run at the same level, you can use a broker process that runs on the same level, or set uiAccess to true and digitally sign the app to get around UIPI.



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Thursday, September 30, 2010 2:43 AM
  • I have decided to prevent the launch of my application from the installer.  I have tried several options, none of which worked in all cases and from what I can gather, a solution that might work just seems too fragile.  See this thread:

    http://social.msdn.microsoft.com/forums/en-US/windowsuidevelopment/thread/2fa935cf-be57-4bcc-9b96-7ee5a6b2b7a5/

    I will investigate using a different installer (I'm using IzPack) that may have better control over the new security features of Vista/Windows 7.

    Thank you for all your help

     

    Friday, October 1, 2010 5:24 PM
  • This is probably the a good decision, since you don't necessarily know who started the installation in the first place, due to the behavior a standard-user experiences when encountering an installation. Trying to 'de-elevate' is a mistake, and a potentially bad one at that.  Are you sure your installer does not have the feature you are looking for?

    MSI should be able to satisfy your needs, but there is a significant time investment in becoming familiar with the technology. Luckily, it is 2010, and you have a plethora of well-engineered installer options, if the time investment in MSI/ORCA doesn't work out for you.  WiX is really quite excellent, if you are keen on MSI. If not, you've got technologies like NSIS and a number of other friendly options.

    Most of the popular, working installer technologies out there today have an architecture that includes a launcher executable (runs as user), an elevated 'installer' executable (runs as admin, or as a service, etc, and makes machinewide changes).  Post installation, if you launch something, you have the opportunity to do so from either the elevated context or the launcher executable - and per-user changes ideally happen at startup.

    Compare that to 2007 and I don't think I'm alone in feeling like this is one of the better evolutions to occur in the windows landscape as a direct consequence of UAC making windows developers care about the difference between per-user and per-machine.

    Thursday, October 7, 2010 6:45 PM