I am developing a very simple C# Windows Application (it only displays a message box saying "UACtest") that I want it to run at startup without prompting UAC.
For that I created a registry key for it under HKCU, and in the machine that I compiled it (Windows 8 64-bit using Visual Studio 2013) it runs at startup without promping UAC, as expected.
However, if I export the executable to a Windows 7 machine and do exactly the same thing, a UAC prompt is shown at startup.
Please note that the manifest of the executable has "asInvoker" on the "requestedExecutionLevel", the whole manifest is this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly
Also when I directly double click the executable, it never prompts UAC neither on Windows 7 32-bit or in the Windows 8 64-bit, the UAC prompting problem is only at startup.
I also tried to compile the executable on the Windows 7 32-bit machine (to maybe bypass some compatibility issues) and a strange thing happened, in that machine now UAC is not prompted at startup as expected, however, when I make the test on another machine (Windows 7 64-bit under Virtual Box) it prompted UAC at startup.
This has now really puzzled me, can someone please tell me a way to compile it so that it never prompts UAC at startup on all versions of Windows?
The project properties I used on Visual Studio 2013 are the default ones, except:
*Target framework: 2.0
*Platform target: x86
And the UAC settings on all machines where the default one: "Notify me only when applications try to make changes on my computer (default)"
Moving the executable has caused the destination system to mark the file as coming from a different system, and as a result the destination system will block execution at startup (in case the executable maliciously added itself to the startup).
Removing the block should fix the issue, it can however be avoided altogether if the executable is added to the system by an installer.
How to set up an installer is however a different question.
The problem was the Zone Identifier, which was set to 3, as for all files downloaded from internet.
If anyone else have this problem, just delete the Zone Identifier, for example with this tool:
http://jameskovacs.com/2005/04/11/zonestripper-updated/
And now the program should run at startup without prompting UAC.
Related
In our C# clickonce application we want to get the user's screen size (width, height). At first everything worked fine with
int width = Screen.FromControl(this).Bounds.Width;
int height= Screen.FromControl(this).Bounds.Height;
Later on I noticed that on our Windows 8.1 laptop the values returned are 1.25 times less than the real dimensions of the screen. That's when I noticed we have a DPI problem with certain Windows versions on high resolution screens.
I know that moving on to WPF would be a good option, but we are in need of a quick and dirty fix. After searching by Google I found several approaches as described here and I decided to go with this solution. After all, even the MSDN Blog entries suggest to add the following snippet to the app.manifest:
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
Unfortunately I do not understand how and where to add this code. My manifest (automatically generated by Visual Studio) looks like this:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
</application>
</compatibility>
</asmv1:assembly>
Note that I have removed commented parts to make the app manifest look smaller here. I have tried adding the snippet from above before </asm1:assembly> on the last line. Whenever I tried this, I get an exception before my application starts:
An unhandled exception of type 'System.ArgumentNullException' occurred in mscorlib.dll.
Additional information: Value cannot be null.
Oddly, someone else on stackoverflow.com suggested to uncheck Enable clickonce security settings in the app settings. This made the application start again and it worked on my laptop as expected: The app was upscaled and the text sharp. Also, I was able to get the correct screen size in pixels through my code.
Of course disabling the security settings is not an option if you want to deploy an application. So how can I fix this problem in order to get what I want? What am I missing? I am totally lost at this point.
Trying to start fresh:
Opened Visual Studio (2013 Pro)
New Windows Forms application called "Test"
Enabled "ClickOnce security settings"
Edited the manifest file again as suggest on other posts like here
Clicked on Start (or Build)
The following error appears. I don't know how to get more information about the error, becuase there is none...
Maybe it is too late for answer, but according to the answer of the same problem
Project Options > Debug > Enable the Visual Studio hosting process(disable it run app later enable it again)
I am writing code that calls the IApplicationActivationManager interface to open a windows store app.
I get the error:
"[Name of App] can't run while File Explorer is running with Administrator privileges..."
It is essential that I launch my app as a non administrator. I also don't control the administrator context that the code that calls the .exe I will create uses. So, two questions:
Can I (by changing the project settings or something) debug as a non-administrator?
Can I force my exe to run as a non administrator? (when it's out in the wild)
C4ud3x helpfully points out that this can be added to the app.manifest. This is true, but unfortunately it will still run as administrator if the invoker lets it (it is in fact the default value). It also looks like asInvoker is the lowest value.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
edit:
fine I accept the only answer to the first question is don't run visual studios as admin. Thanks for all your help with that.
In your project-explorer expand 'properties' and open your 'app.manifest'.
You can add this line there:
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
'AsInvoker' means the application is started with the permission-level from the user whos logged in.
This line should already be auto-generated and commented out in your manifest.
Edit:
Aaah, wait. You need to run as a non-admin while DEBUGGING??? Dont know how the permissions behave in debugging-mode.
I develop one window application and I also create one service. I start the service using coding in window application, but I am getting an error like cannot open window service on computer '.'
I have used below code.
ServiceController controller = new ServiceController("SeoMozScheduleService");
if (controller.Status == ServiceControllerStatus.Stopped)
{
controller.Start();
}
If i right click on Application and click on Run as Administrator than it works fine for me...
To make this automatic every time you open the application you have to add a manifest file to your solution, then update the requestedExecutionLevel node inside the file to look like this:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
However, changing this setting will result in the system prompting you every time to run the application as administrator if UAC is enabled.
Go to
c://Program Files/ApplicationFolder/.exe
Right-click on .exe and go to Properties then go Compatibility Tab and check true to Run this Program as an administrator Level.
if you are using visual studio then close it and re open visual sudio with run it as administrator
None of these solutions helped me, because it would help if I actually had ensured I had Administrator access on the target computer first! I was taking away and giving back Administrator access to my main account using my domain admin account. When I ran some ServiceController code that was checking if a service was running on a remote computer, under the domain admin account, all was fine. When I did it as my main account, that's when it didn't work - even when running Visual Studio as an Administrator. Turns out I had been testing without my main account in the local Admin group... d'oh!
I ran into this with a scheduled task on a server--checking the "Run with highest privileges" solved it. (The service account has to have admin rights of course for this to work.)
Framework version change in the app.conf to the version which is installed on the system fixed the issue for me.
The application probably does not need to require Administrator permission. The Microsoft Management Console (MMC) (that includes the Services snap-in) does not. The manifest for the MMC has:
<requestedExecutionLevel
level="highestAvailable"
uiAccess="false"
/>
It does not have level="requireAdministrator".
See c# - How do I create/edit a Manifest file? - Stack Overflow for instructions for adding a manifest to the project.
There are very many articles about the principle of Least Privilege, including the following.
Least Privilege
What is principle of least privilege (POLP)? - Definition from WhatIs.com
What is the Principle of Least Privilege (POLP)? A Best Practice for Information Security and Compliance \| Digital Guardian
What Is Least Privilege & Why Do You Need It? \| BeyondTrust
I have C# executable that I want to launch on Windows 7 without the dialogbox asking for run-as-administrator.. So here is my code inside the program that launches the C# executable named testApp.exe.
Process testApp = new Process();
testApp.StartInfo.FileName = "C:\\Program Files\\Common Files\\testApp.exe";
testApp.Start();
I also create the minfest for both programs. app.manifest for testApp.exe and app.manifest for the program that launches testApp.exe, and then I change the following line in both manifest to:
requestedExecutionLevel level="requireAdministrator" uiAccess="false"
When I double click on the testApp.exe to run it, testApp.exe program crashes, but when I run it as administrator, it works fine, no crash. So this behavoir also happens the same when i run the program that launches the testApp.exe, testApp.exe crashes.
I must do something wrong here. Do I need to change the name of the manifest because I use the default names that are generated by visual studio 2010.
thanks.
Actually you should only be using
requestedExecutionLevel level="requireAdministrator" uiAccess="false"
only when you want to run as administrator.
Change this to:
requestedExecutionLevel level="asInvoker" uiAccess="false"
And you'll be good to go.
Use
info.Verb = "runas"; // Provides Run as Administrator
my 50 cents,
instead of adding
requestedExecutionLevel level="asInvoker" uiAccess="false" in manifest you can use task scheduler to run almost anything in highest level (Administrator Mode)
source: http://www.liberalcode.com/2014/01/automating-run-as-administrator-from-c.html
although the above post talks about running it remotely, but you can easily change it to run locally.
I am attempting to make an updater program, that when updates it writes a build number into the windows 7 registry which the main program reads when checking for updates. I've gone through the UAC virtualization kb at microsoft's page, and have found nothing. My app.manifest has
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
and yet, when i look in HKEY_Local_Machine\Software the build entry is not there, i dont even see it in HKEY_USERS\_Classes\VirtualStore\Machine\Software either.
the code i'm using to enter into registry is
Registry.LocalMachine.CreateSubKey("SOFTWARE\\build");
RegistryKey myKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\build", true);
myKey.SetValue("build", "3", RegistryValueKind.String);
any ideas/suggestions?
If your application is targetting x86 platforms, when running on an x64 system, it will use the corresponding registry node with the following names:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ or HKEY_CURRENT_USER\SOFTWARE\Wow6432Node.
So, if you set platform target to x86 for your build, on x86 systems it will go under HKEY_LOCAL_MACHINE\SOFTWARE whereas on x64 systems it will go under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node which is a reserved node for applications running on WOW64(Windows 32-bit on Windows 64-bit) mode.
For more information see Registry Reflection