Develop Reference

Web deployment task failed (This access control list is not in canonical form and therefore cannot be modified)

Publishing ASP.NET MVC 4 application to IIS 8 on my machine giving the following error :
This access control list is not in canonical form and therefore cannot be modified.
I am under Windows 10 and using VS 2013 Ultimate.
I installed web deploy 3.5 from web platform installer 5, and I made sure that the services are working

Solution 1
I was able to solve this problem in the following way
Go to IIS
Right click on the website that you are publishing to and select Edit Permissions
Click the Security tab.
Click on Edit button
A Message box will appear which tell that the Permission was not correctly ordered.
Click Reorder on that message box.
Solution 2
Open the Command prompt (CMD) and execute the following two statements
icacls.exe C:\inetpub\wwwroot /verify /T /C /L /Q
icacls.exe C:\inetpub\wwwroot /reset /T /C /L /Q
note : Maybe you will want to open the CMD with Administrator privilege (Maybe I am not sure)
Cheers

You can run the following command to fix it
command prompt
icacls.exe C:\inetpub\wwwroot\<VIRTUAL DIRECTORY> /verify /T /C /L /Q
// If any entries are reported as being not in canonical order then run:
icacls.exe C:\inetpub\wwwroot\<VIRTUAL DIRECTORY> /reset /T /C /L /Q
Source
powershell
$path = C:\inetpub\wwwroot\<VIRTUAL DIRECTORY>
$acl = Get-Acl $path
Set-Acl $path $acl
Source

You can prevent this problem by modifying your Visual Studio package generation parameters: In the PropertyGroup section of your pubxml file, add
<IncludeSetACLProviderOnDestination>False</IncludeSetACLProviderOnDestination>

How to install BHO without Wix in C#

I followed this link How to get started with developing Internet Explorer extensions? and after following it I got it to install on my own machine by using the Debug mode on Visual Studio. How do I install it on another users machine without them having to start up Visual Studio and run through Debug?

If you have have followed the link posted in the answer (making sure you have the register and unregister methods) then you can create a batch file that people can use to install it on their own machines.
Ex:
"%ProgramFiles(x86)%\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\gacutil.exe" /f /i "%~dp0YourDLL.dll"
"%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /unregister "%~dp0YourDLL.dll"
"%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" "%~dp0YourDLL.dll"
"%ProgramFiles(x86)%\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\x64\gacutil.exe" /f /i "%~dp0YourDLL.dll"
"%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /unregister "%~dp0YourDLL.dll"
"%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" "%~dp0YourDLL.dll"
REG ADD "HKLM\Software\Microsoft\Internet Explorer\Extensions{0A0F07FC-0099-4AAF-8D2F-C6C710EE91CA}" /v "Icon" /t REG_SZ /d "%~dp0Resources\YourIcon.ico" /f
REG ADD "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions{0A0F07FC-0099-4AAF-8D2F-C6C710EE91CA}" /v "Icon" /t REG_SZ /d "%~dp0Resources\YourIcon.ico" /f
You do not have to include the REG ADD at the end if you don't have an Icon that you want to use but I couldn't find a way to have a dynamic path for the icon in Visual Studio that would work so I decided to register it through the batch file itself. If you want info on registry commands for batch files you can look here: Is it possible to modify a registry entry via a .bat/.cmd script?.
The %~dp0 before the YourDLL in the first part of the code is to get the current path that your batch file is located in. I found that information out through this How do I find the current directory of a batch file, and then use it for the path?

I want to copy filenames in dynamic folder on right-klick to clipboard but zip

I want to copy filenames on right-clicking the containing folder to clipboard, but if there are zip, iso, rar, or 7z files I need a list of the content from them too.
I tried in batch/cmd but it won't work and now I am testing with C#. But I don't know how to simulate an explorer contextmenue-event to send the parameters to C#-App.
On both ways I start with a regedit entry in:
HKEY_CLASSES_ROOT\Directory\shell\Liste\command\` REG_SZ with attribute C:\liste.bat "%1%"`
liste.bat:
set var=%1\
set listtmp
del c:\ESC\* /q /f
dir c:\ESC\
copy %var% c:\ESC\
cd c:\ESC\
dir /s /b >%listtmp%
if exist c:\ESC\*.zip
(7z l *.zip >>%listtmp%)
if exist c:\ESC\*.7z
(7z l *.7z >>%listtmp%)
echo listtmp|clip
C# offers the benefit of list handling in variables and enums for checking archives, but I don't understand how to use the parameter from a drop-menu to start my C#-app, so the batch is more handy, with C#-exes more people have doubt because adware... paranoid colleague ;)
I think there is a way, without copping the files and without that amount of variables. Oh and sorry when I not mentioned a vary necessary thing, this is my first post.

Next C:\bat\dirToClp.bat file could help with your I want to copy filenames on right-clicking the containing folder to clipboard:
#ECHO OFF >NUL
#SETLOCAL enableextensions
set "listtmp=%tmp%\list.tmp"
pushd "%~1"
dir /S /B /A-D>"%listtmp%"
if exist *.zip 7z l *.zip>>"%listtmp%"
if exist *.7z 7z l *.7z>>"%listtmp%"
type "%listtmp%"|clip
del "%listtmp%"
popd
echo Your clipboard now holds result of:
echo dir %CD%
pause
#ENDLOCAL
#goto :eof
Here echo and pause for when using clip in a batch script you should warn the user that their clipboard is about to be overwritten. Eventually /A-D switch could be removed from dir /S /B /A-D if desired (causes folder names not implicated in list).
Please pay your attention to 7z calls since I can't verify and confirm rightness of.
The value c:\windows\system32\cmd.exe /D /C c:\bat\dirToClp "%1" exported from registry as follows (but could be under HKEY_CLASSES_ROOT\Folder registry key instead of HKEY_CLASSES_ROOT\Directory):
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Directory\shell\DirToClipboard]
[HKEY_CLASSES_ROOT\Directory\shell\DirToClipboard\command]
#="c:\\windows\\system32\\cmd.exe /D /C c:\\bat\\dirToClp \"%1\""
;
Here is not pure C:\bat\dirToClp.bat call but via cmd.exe /D /C because, for workaday and security reasons, I use "Open with PSPad" default action for .bat, .cmd, .vbs etc.
Also the batch saved in that C:\bat folder for I avoid placing files to disk root (and to %userprofile% root and to desktop as well) as a matter of general principle.

How to correctly sign an executable

I have made a little tool. It is a console application that when running on Win7 brings the UAC security prompt.
I tried to sign this EXE file in Visual Studio 2010 using the following steps:
Project properties
Signing
Create new key as shown below
The key file was successfully created, as you can see in the capture below.
Issues:
File is still being blocked by the UAC security prompt. When I checked the file whether signed or not using the signtool.exe, it tells me, no signature was found.
Please correct me if I'm following the wrong steps.

Assembly signing != Authenticode signing.
To authenticode sign an assembly with signtool, you'll need a code signing certificate from a trusted issuing authority.
You can then issue the following post-build command to sign your executable:
"signtool.exe" sign /f "$(SolutionDir)myCertificate.pfx" /p certPassword /d "description" /du "http://myinfourl" /t "http://timeserver.from.cert.authority/" $(TargetPath)
Everything you need to know about Authenticode Code Signing

Basically you have 2 options, using a command that you manually execute or execute via a batch file
signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "D:\Source\Certificates\CodeSign.pfx" /as /p MyPassword "{path to exe}"
becomes a bit frustrating after a while
Better add it on your project's option page in the Build Events.
In your post build you would enter
call "C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "D:\Source\Certificates\CodeSign.pfx" /p MyPassword $(TargetPath)
the Macro $(TargetPath) will be filled with the path to your compiled exe or dll.
Now each time you compile you will get a signed file.
Would look something like this:

Running multiple apps as Admin

I've need to add a function to my C# WPF application to fix up certain registry entries.
This would be done by calling regsvr32.exe /s mylib.dll. Now, this should be easy to do from what I see using the runas verb with a new Process object. (My dll does require admin rights due to some registry keys it writes to.)
But the problem is there are multiple DLLs, thus multiple invocations of regsvr32.exe, and it is not possible to put all the registrations into a single .dll. But were I to just runas multiple times, the user would get as many UAC dialogs as I start it... and I don't want that.
I want just a single dialog, and I really really want to avoid having a mystery extra fixer.exe file to have to do the launching instead. Now, I only know Windows Security stuff on a really basic level, but shouldn't it be possible to get an 'admin' token somehow (which gets me the UAC dialog) and use that to launch the different processes?

You can just use command line arguments, and shell to your own .exe running that process as an admin. When your application loads, check for those command line arguments...If they are there, register all of your dlls, then exit.
Or, you could write a batch file that registers all of the dlls, and shell to that with admin rights.

The issue here is security. You have three options:
Create a service account and run the application with service account privileges.
Prep the target machines that the application will run on with some sort of install package.
Use powershell to invoke regsvr32.exe with admin rights ->
function Run-Elevated ($scriptblock)
{
# TODO: make -NoExit a parameter
# TODO: just open PS (no -Command parameter) if $sb -eq ''
$sh = new-object -com 'Shell.Application'
$sh.ShellExecute('powershell', "-NoExit -Command $sb", '', 'runas')
}
I would opt for option 2, as registering dll's are more than an installation step. The registering of the dll crosses the boundary of the account privileges needed to run the main application. If your app is running on a domain environment an MSI could be rolled out to prep each machine?

If you want only one single UAC prompt, there is already an answer at Stackoverflow, look here.
This script elevates itself once, and you can execute a sequence of commands which all need elevated rights, so you don't get multiple UAC prompts anymore.
In your case, this means you can just append the invokations of
regsvr32.exe /s mylib1.dll
regsvr32.exe /s mylib2.dll
regsvr32.exe /s mylib3.dll
at the end of the script mentioned above, i.e.
:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
#echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================
:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
:getPrivileges
if '%1'=='ELEV' (shift & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************
setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B
:gotPrivileges
::::::::::::::::::::::::::::
:START
::::::::::::::::::::::::::::
setlocal & pushd .
REM The following code will cause Windows UAC to prompt only once
regsvr32.exe /s mylib1.dll
regsvr32.exe /s mylib2.dll
regsvr32.exe /s mylib3.dll
and the UAC dialog will only appear once.