September 1, 2014
Hot Topics:
RSS RSS feed Download our iPhone app

Vista User Access Control and Visual C++

  • May 11, 2007
  • By Nick Wienholt
  • Send Email »
  • More Articles »

An application lets the operating system know that it needs to run with admin privileges by a setting in the application manifest file. The simplest form of the manifest file to let Vista know that the application should run using the Administrator's token is:

<assembly>
   <trustInfo>
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" />
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>

Using Visual C++, the elements in this manifest file can be merged with the other manifest files settings like the SxS options by saving the elements to a file (called custom.manifest) in this case, and specifying that the custom contents are added to the generated manifest file as part of the build process, as shown in Figure 4.

Figure 4: Visual C++ Settings to Add Custom Manifest Elements

With this manifest file in place, the application will bring up a UAC prompt at start-up as shown in Figure 5 (the sterner orange prompt is reserved for applications that are not digitally signed, as opposed to the blue prompt in Figure 1), and if the application is given permission to run, virtualization is disabled for all Windows SDK calls made by the process.



Click here for a larger image.

Figure 5: UAC Prompt for an Unsigned Application

For most applications, particularly those that have been given a security audit and run using the principle of least privilege, Vista UAC should not provide any nasty surprises. For administrative applications that require higher-level privileges, a simple addition to the manifest file can be used to let Windows Vista know the privilege level that the application needs to execute effectively. Finally, Vista provides a degree of virtualization to protect system-wide resources while allowing legacy applications to work without needing to prompt the user for privilege escalation.

About the Author

Nick Wienholt is a Windows and .NET consultant based in Sydney, Australia. He has worked on a variety of IT projects over the last decade and continues to stay involved in the developer community. Nick is the co-founder and president of the Sydney Deep .NET User group, writes technical articles for Pinnacle Publishing and the Microsoft Developer Network, and is a participant in many .NET-related newsgroups. Nick's most recent book is Maximizing .NET Performance.





Page 2 of 2



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Sitemap | Contact Us

Rocket Fuel