I have C# executable that I want to launch on Windows 7 without the dialogbox asking for run-as-administrator.. So here is my code inside the program that launches the C# executable named testApp.exe.
Process testApp = new Process();
testApp.StartInfo.FileName = "C:\\Program Files\\Common Files\\testApp.exe";
testApp.Start();
I also create the minfest for both programs. app.manifest for testApp.exe and app.manifest for the program that launches testApp.exe, and then I change the following line in both manifest to:
requestedExecutionLevel level="requireAdministrator" uiAccess="false"
When I double click on the testApp.exe to run it, testApp.exe program crashes, but when I run it as administrator, it works fine, no crash. So this behavoir also happens the same when i run the program that launches the testApp.exe, testApp.exe crashes.
I must do something wrong here. Do I need to change the name of the manifest because I use the default names that are generated by visual studio 2010.
thanks.
Actually you should only be using
requestedExecutionLevel level="requireAdministrator" uiAccess="false"
only when you want to run as administrator.
Change this to:
requestedExecutionLevel level="asInvoker" uiAccess="false"
And you'll be good to go.
Use
info.Verb = "runas"; // Provides Run as Administrator
my 50 cents,
instead of adding
requestedExecutionLevel level="asInvoker" uiAccess="false" in manifest you can use task scheduler to run almost anything in highest level (Administrator Mode)
source: http://www.liberalcode.com/2014/01/automating-run-as-administrator-from-c.html
although the above post talks about running it remotely, but you can easily change it to run locally.
Related
Is there a way to check if an existing process is already running as Administrator/Elevated from a VB .Net WinForm application? I have a utility which connects to the Main application via API. This was all working fine on Windows 7 but on Windows 10, my utility was unable to connect to the main program via API. I tired lots of things but nothing worked. Finally I found that if I run the main program As Administrator, the my API utility worked/connected just like that. I reviewed the documentation for Process class (https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.process?view=netframework-4.7.2) but can't find anything obvious to elevated execution property. Any advise or code snippet would be appreciated.
In Windows 10 Task Manager, you can see if the process is running as Elevated or Not. I just need something to capture this in the code.
After some testing around I found that after adding app.manifest file with below settings and adding a property IsElevated in the code, I could see if the exe is running as Elevated or not in Task manager. Hope this can help anyone looking for similar matter.
from app.manifest file:
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
Public ReadOnly Property IsElevated As Boolean
Get
Return New WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)
End Get
End Property
When using in the code:
If IsElevated = True Then
Me.Text = "TEST Utility - Administrator (Elevated)"
End If
If IsElevated = False Then
Me.Text = "TEST Utility - Normal (Non-Elevated)"
End If
I am writing code that calls the IApplicationActivationManager interface to open a windows store app.
I get the error:
"[Name of App] can't run while File Explorer is running with Administrator privileges..."
It is essential that I launch my app as a non administrator. I also don't control the administrator context that the code that calls the .exe I will create uses. So, two questions:
Can I (by changing the project settings or something) debug as a non-administrator?
Can I force my exe to run as a non administrator? (when it's out in the wild)
C4ud3x helpfully points out that this can be added to the app.manifest. This is true, but unfortunately it will still run as administrator if the invoker lets it (it is in fact the default value). It also looks like asInvoker is the lowest value.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
edit:
fine I accept the only answer to the first question is don't run visual studios as admin. Thanks for all your help with that.
In your project-explorer expand 'properties' and open your 'app.manifest'.
You can add this line there:
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
'AsInvoker' means the application is started with the permission-level from the user whos logged in.
This line should already be auto-generated and commented out in your manifest.
Edit:
Aaah, wait. You need to run as a non-admin while DEBUGGING??? Dont know how the permissions behave in debugging-mode.
I am developing a very simple C# Windows Application (it only displays a message box saying "UACtest") that I want it to run at startup without prompting UAC.
For that I created a registry key for it under HKCU, and in the machine that I compiled it (Windows 8 64-bit using Visual Studio 2013) it runs at startup without promping UAC, as expected.
However, if I export the executable to a Windows 7 machine and do exactly the same thing, a UAC prompt is shown at startup.
Please note that the manifest of the executable has "asInvoker" on the "requestedExecutionLevel", the whole manifest is this:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly
Also when I directly double click the executable, it never prompts UAC neither on Windows 7 32-bit or in the Windows 8 64-bit, the UAC prompting problem is only at startup.
I also tried to compile the executable on the Windows 7 32-bit machine (to maybe bypass some compatibility issues) and a strange thing happened, in that machine now UAC is not prompted at startup as expected, however, when I make the test on another machine (Windows 7 64-bit under Virtual Box) it prompted UAC at startup.
This has now really puzzled me, can someone please tell me a way to compile it so that it never prompts UAC at startup on all versions of Windows?
The project properties I used on Visual Studio 2013 are the default ones, except:
*Target framework: 2.0
*Platform target: x86
And the UAC settings on all machines where the default one: "Notify me only when applications try to make changes on my computer (default)"
Moving the executable has caused the destination system to mark the file as coming from a different system, and as a result the destination system will block execution at startup (in case the executable maliciously added itself to the startup).
Removing the block should fix the issue, it can however be avoided altogether if the executable is added to the system by an installer.
How to set up an installer is however a different question.
The problem was the Zone Identifier, which was set to 3, as for all files downloaded from internet.
If anyone else have this problem, just delete the Zone Identifier, for example with this tool:
http://jameskovacs.com/2005/04/11/zonestripper-updated/
And now the program should run at startup without prompting UAC.
I am currently running a Windows 7 x64 machine.
I have written the following code to add a context menu on right click:
RegistryKey rKey = Registry.ClassesRoot.OpenSubKey("Directory\\Background\\shell", true);
String[] names = rKey.GetSubKeyNames();
foreach (String s in names)
{
System.Windows.Forms.MessageBox.Show(s);
}
RegistryKey newKey = rKey.CreateSubKey("Your Application");
RegistryKey newSubKey = newKey.CreateSubKey("command");
newSubKey.SetValue("", "C:\\Windows\\System32\\notepad.exe");
newSubKey.Close();
newKey.Close();
rKey.Close();
If I repeat the procedure directly on the registry, it works, but not via this.
I am also able to access the registry, as I have added a snippet that tells lists all subkeys that I require, but simply does not add one.
I have tested your code and it is well & good. Looks like you dont have access rights to open the registry from the code. Just follow these simple steps:
Close your Visual studio. Then Open it again as Run As Administrator mode. This one you can do by Right clicking on the Visual Studio link and choose Run As Administrator option.
Open your code and run it from there.
If you want to directly run the program from the Exe then Right click on Exe & choose Run As Administrator option.
If you don't want to do Run As Administrator, then follow these steps:
Add a new file to you project called App.manifest; by adding a new File from Project.
Add following data to that file, rest it will do the magic.
Just replace your application name with MyApplication.app. The important part is the section. Rest is auto generated.
xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator"
uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
I develop one window application and I also create one service. I start the service using coding in window application, but I am getting an error like cannot open window service on computer '.'
I have used below code.
ServiceController controller = new ServiceController("SeoMozScheduleService");
if (controller.Status == ServiceControllerStatus.Stopped)
{
controller.Start();
}
If i right click on Application and click on Run as Administrator than it works fine for me...
To make this automatic every time you open the application you have to add a manifest file to your solution, then update the requestedExecutionLevel node inside the file to look like this:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
However, changing this setting will result in the system prompting you every time to run the application as administrator if UAC is enabled.
Go to
c://Program Files/ApplicationFolder/.exe
Right-click on .exe and go to Properties then go Compatibility Tab and check true to Run this Program as an administrator Level.
if you are using visual studio then close it and re open visual sudio with run it as administrator
None of these solutions helped me, because it would help if I actually had ensured I had Administrator access on the target computer first! I was taking away and giving back Administrator access to my main account using my domain admin account. When I ran some ServiceController code that was checking if a service was running on a remote computer, under the domain admin account, all was fine. When I did it as my main account, that's when it didn't work - even when running Visual Studio as an Administrator. Turns out I had been testing without my main account in the local Admin group... d'oh!
I ran into this with a scheduled task on a server--checking the "Run with highest privileges" solved it. (The service account has to have admin rights of course for this to work.)
Framework version change in the app.conf to the version which is installed on the system fixed the issue for me.
The application probably does not need to require Administrator permission. The Microsoft Management Console (MMC) (that includes the Services snap-in) does not. The manifest for the MMC has:
<requestedExecutionLevel
level="highestAvailable"
uiAccess="false"
/>
It does not have level="requireAdministrator".
See c# - How do I create/edit a Manifest file? - Stack Overflow for instructions for adding a manifest to the project.
There are very many articles about the principle of Least Privilege, including the following.
Least Privilege
What is principle of least privilege (POLP)? - Definition from WhatIs.com
What is the Principle of Least Privilege (POLP)? A Best Practice for Information Security and Compliance \| Digital Guardian
What Is Least Privilege & Why Do You Need It? \| BeyondTrust