Vista User Access Control and Visual C++
An application lets the operating system know that it needs to run with admin privileges by a setting in the application manifest file. The simplest form of the manifest file to let Vista know that the application should run using the Administrator's token is:
<assembly>
<trustInfo>
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Using Visual C++, the elements in this manifest file can be merged with the other manifest files settings like the SxS options by saving the elements to a file (called custom.manifest) in this case, and specifying that the custom contents are added to the generated manifest file as part of the build process, as shown in Figure 4.
Digg
del.icio.us
Slashdot
DZone
Reddit
StumbleUpon
Facebook
FriendFeed
Furl
Newsvine
Google
LinkedIn
MySpace
Technorati
Twitter
Windows Live
YahooBuzzFigure 4: Visual C++ Settings to Add Custom Manifest Elements
With this manifest file in place, the application will bring up a UAC prompt at start-up as shown in Figure 5 (the sterner orange prompt is reserved for applications that are not digitally signed, as opposed to the blue prompt in Figure 1), and if the application is given permission to run, virtualization is disabled for all Windows SDK calls made by the process.
Click here for a larger image.
Figure 5: UAC Prompt for an Unsigned Application
For most applications, particularly those that have been given a security audit and run using the principle of least privilege, Vista UAC should not provide any nasty surprises. For administrative applications that require higher-level privileges, a simple addition to the manifest file can be used to let Windows Vista know the privilege level that the application needs to execute effectively. Finally, Vista provides a degree of virtualization to protect system-wide resources while allowing legacy applications to work without needing to prompt the user for privilege escalation.
About the Author
Nick Wienholt is a Windows and .NET consultant based in Sydney, Australia. He has worked on a variety of IT projects over the last decade and continues to stay involved in the developer community. Nick is the co-founder and president of the Sydney Deep .NET User group, writes technical articles for Pinnacle Publishing and the Microsoft Developer Network, and is a participant in many .NET-related newsgroups. Nick's most recent book is Maximizing .NET Performance.
Comment and Contribute
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
More for Developers
On the Codeguru Forums
Visit the Forums »Featured Partner Resources
Get your Android Apps ready for Intel® Atom™ processor-based smartphones and tablets now.
Use the Android NDK to deliver the best performance on Intel® Atom™ processor-based devices.- The Android community on the Intel® Software Network has everything you need to prepare your apps for Intel® Atom™ processor-based devices.
