Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
|
LinkBack | Thread Tools | Display Modes |
|
|||
.net 1.1 EXE in startup folder on VISTA
Our application installs a .NET 1.1 EXE created with VB.NET into the startup
folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? |
|
|||
.net 1.1 EXE in startup folder on VISTA
Hello,
Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
Thanks. I tried using the manifest and it did not work.
Our program is not installed in the program files directory (unfortunately, I'd love it to be, but the clients AND support staff of our clients do not want it there). I need the program to launch when the user logs in. It's OUR task scheduler which checks for updates, synchronizes with our server, etc etc. It has an UI. It sits in the task tray, and allows the user to show it to see the UI. I'm not 100% following what you say, but I need to have this happen from our install program. I can't expect the users to do anything on their end. "Jimmy Brush" wrote in message ... Hello, Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
Basically, what I am saying, is that if your program needs
administrator privileges AND needs to be interactive on the desktop AND needs to be running on every administrative user's desktop that uses the computer, you need to have the task scheduler start your program instead of Windows Explorer (which starts programs in the startup folder). Windows Explorer cannot start elevated applications without prompting the user (which is blocked for startup apps), Task Scheduler can. If *only* administrators will use your program, or all users on the computer are administrators, you can have your installer register your program with Windows' task scheduler, as i mentioned in my last post, and instruct the task scheduler to start your program when administrators on your machine log in. This will do what you want, but only for administrator accounts on the computer. The task scheduler is just an alternate way of having your program start that will work on vista, as opposed to putting it in the startup folder (which doesn't work for your needs). You can use the task scheduler API's inside your setup program to do this without requiring the end user to do anything special. If your program UI needs to run inside both standard user and administrative accounts, then your program should be rearchitected so that the UI runs as a non-privileged application and the privileged core runs as a Windows Service. In fact, based on what you've said about your application, this might be a better way to implement your application. On Mon, 14 May 2007 14:18:44 -0400, "AC" wrote: Thanks. I tried using the manifest and it did not work. Our program is not installed in the program files directory (unfortunately, I'd love it to be, but the clients AND support staff of our clients do not want it there). I need the program to launch when the user logs in. It's OUR task scheduler which checks for updates, synchronizes with our server, etc etc. It has an UI. It sits in the task tray, and allows the user to show it to see the UI. I'm not 100% following what you say, but I need to have this happen from our install program. I can't expect the users to do anything on their end. "Jimmy Brush" wrote in message .. . Hello, Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
I should also add that it is *critical* that your program be installed
in a security-restricted folder. If you can't use a system folder, you need to make sure that whatever folder your app is installed in is security restricted so that non-admin users cannot write to it. If non-admin users have write access to your program, they may be able to replace your program with any other program of their choosing, which will be ran with admin privileges the next time an admin logs on to the computer, and easily gain control over your computer. - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
We can't rearchitect the application. We need to support Win98, and we need
it to run the way it is. Most (98%?) run our program as a startup program, but some do not. Without getting too detailed, we can't change the application that dramatically. Our testers took the manifest file I gave them, and when they put it in play, all of a sudden the Blocked Programs popup bubble did not come back when they restarted. HOWEVER, the program did not seem to do as expected. We need the application to run whether it's an admin or not an admin. Obviously, an admin installs our app, but from that point, in most cases, the same account will run the application, but in others, it will NOT be an admin running the program. Scheduling via a task scheduler sounds promising, but I need to be able to do this automatically via our installer, and not rely on the users to do that. Are there registry settings/etc I can set? Is there something in my manifest that can be done to get this to work? Our startup "program" does the following: 1) Checks a folder on the local PC to see if an update has been downloaded by our updater (happens during our auto synchronization every evening, and if an update is there) 2) Once the update files areput in their proper places, it launches another EXE, but stays in memory. It monitors this EXE it launched, and if it is shut down, with the right exit code, it knows it's time to apply the update and relaunch. If it exits normally, then it just closes itself as well.. "Jimmy Brush" wrote in message ... Basically, what I am saying, is that if your program needs administrator privileges AND needs to be interactive on the desktop AND needs to be running on every administrative user's desktop that uses the computer, you need to have the task scheduler start your program instead of Windows Explorer (which starts programs in the startup folder). Windows Explorer cannot start elevated applications without prompting the user (which is blocked for startup apps), Task Scheduler can. If *only* administrators will use your program, or all users on the computer are administrators, you can have your installer register your program with Windows' task scheduler, as i mentioned in my last post, and instruct the task scheduler to start your program when administrators on your machine log in. This will do what you want, but only for administrator accounts on the computer. The task scheduler is just an alternate way of having your program start that will work on vista, as opposed to putting it in the startup folder (which doesn't work for your needs). You can use the task scheduler API's inside your setup program to do this without requiring the end user to do anything special. If your program UI needs to run inside both standard user and administrative accounts, then your program should be rearchitected so that the UI runs as a non-privileged application and the privileged core runs as a Windows Service. In fact, based on what you've said about your application, this might be a better way to implement your application. On Mon, 14 May 2007 14:18:44 -0400, "AC" wrote: Thanks. I tried using the manifest and it did not work. Our program is not installed in the program files directory (unfortunately, I'd love it to be, but the clients AND support staff of our clients do not want it there). I need the program to launch when the user logs in. It's OUR task scheduler which checks for updates, synchronizes with our server, etc etc. It has an UI. It sits in the task tray, and allows the user to show it to see the UI. I'm not 100% following what you say, but I need to have this happen from our install program. I can't expect the users to do anything on their end. "Jimmy Brush" wrote in message . .. Hello, Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
I need admin and non-admin users alike to be able to write to the
folder..... Our software update process requires it (whatever user is logged in admin or not admin need to be able to do this). A lot of our installs are single, stand alone machines..... "Jimmy Brush" wrote in message ... I should also add that it is *critical* that your program be installed in a security-restricted folder. If you can't use a system folder, you need to make sure that whatever folder your app is installed in is security restricted so that non-admin users cannot write to it. If non-admin users have write access to your program, they may be able to replace your program with any other program of their choosing, which will be ran with admin privileges the next time an admin logs on to the computer, and easily gain control over your computer. - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
So your application doesn't need admin privileges at all?
OK ... I guess I glazed over 'asInvoker' in your manifest and thought it said 'highestAvailable'. If your app doesn't need admin privileges under any circumstances, then you are doing everything correctly, you don't need to use task scheduler, and it should be working... Try removing 'uiaccess=true' from your manifest. On Mon, 14 May 2007 15:01:59 -0400, "AC" wrote: We can't rearchitect the application. We need to support Win98, and we need it to run the way it is. Most (98%?) run our program as a startup program, but some do not. Without getting too detailed, we can't change the application that dramatically. Our testers took the manifest file I gave them, and when they put it in play, all of a sudden the Blocked Programs popup bubble did not come back when they restarted. HOWEVER, the program did not seem to do as expected. We need the application to run whether it's an admin or not an admin. Obviously, an admin installs our app, but from that point, in most cases, the same account will run the application, but in others, it will NOT be an admin running the program. Scheduling via a task scheduler sounds promising, but I need to be able to do this automatically via our installer, and not rely on the users to do that. Are there registry settings/etc I can set? Is there something in my manifest that can be done to get this to work? Our startup "program" does the following: 1) Checks a folder on the local PC to see if an update has been downloaded by our updater (happens during our auto synchronization every evening, and if an update is there) 2) Once the update files areput in their proper places, it launches another EXE, but stays in memory. It monitors this EXE it launched, and if it is shut down, with the right exit code, it knows it's time to apply the update and relaunch. If it exits normally, then it just closes itself as well.. "Jimmy Brush" wrote in message .. . Basically, what I am saying, is that if your program needs administrator privileges AND needs to be interactive on the desktop AND needs to be running on every administrative user's desktop that uses the computer, you need to have the task scheduler start your program instead of Windows Explorer (which starts programs in the startup folder). Windows Explorer cannot start elevated applications without prompting the user (which is blocked for startup apps), Task Scheduler can. If *only* administrators will use your program, or all users on the computer are administrators, you can have your installer register your program with Windows' task scheduler, as i mentioned in my last post, and instruct the task scheduler to start your program when administrators on your machine log in. This will do what you want, but only for administrator accounts on the computer. The task scheduler is just an alternate way of having your program start that will work on vista, as opposed to putting it in the startup folder (which doesn't work for your needs). You can use the task scheduler API's inside your setup program to do this without requiring the end user to do anything special. If your program UI needs to run inside both standard user and administrative accounts, then your program should be rearchitected so that the UI runs as a non-privileged application and the privileged core runs as a Windows Service. In fact, based on what you've said about your application, this might be a better way to implement your application. On Mon, 14 May 2007 14:18:44 -0400, "AC" wrote: Thanks. I tried using the manifest and it did not work. Our program is not installed in the program files directory (unfortunately, I'd love it to be, but the clients AND support staff of our clients do not want it there). I need the program to launch when the user logs in. It's OUR task scheduler which checks for updates, synchronizes with our server, etc etc. It has an UI. It sits in the task tray, and allows the user to show it to see the UI. I'm not 100% following what you say, but I need to have this happen from our install program. I can't expect the users to do anything on their end. "Jimmy Brush" wrote in message ... Hello, Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? |
|
|||
.net 1.1 EXE in startup folder on VISTA
Yeah I missed the fact that your app never needs admin permissions.
But if it did, and you were in this same scenario, then you can just set the stricter permissions on the app's exe and config files, while allowing the folder that it resides in to accept new files. On Mon, 14 May 2007 15:05:52 -0400, "AC" wrote: I need admin and non-admin users alike to be able to write to the folder..... Our software update process requires it (whatever user is logged in admin or not admin need to be able to do this). A lot of our installs are single, stand alone machines..... "Jimmy Brush" wrote in message .. . I should also add that it is *critical* that your program be installed in a security-restricted folder. If you can't use a system folder, you need to make sure that whatever folder your app is installed in is security restricted so that non-admin users cannot write to it. If non-admin users have write access to your program, they may be able to replace your program with any other program of their choosing, which will be ran with admin privileges the next time an admin logs on to the computer, and easily gain control over your computer. - JB Microsoft MVP - Windows Shell/User Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
.net 1.1 EXE in startup folder on VISTA
Thanks Jimmy..
Got this feedback from our testers (no vista machine in front of me). If they put the manifest file in play, they get this error even when launching the EXE manually, not at startup: A referral was returned from the server. However, if they remove the manifest, they can launch the program manually (they are asked to cancel or allow, but if they allow, all is OK) "Jimmy Brush" wrote in message news So your application doesn't need admin privileges at all? OK ... I guess I glazed over 'asInvoker' in your manifest and thought it said 'highestAvailable'. If your app doesn't need admin privileges under any circumstances, then you are doing everything correctly, you don't need to use task scheduler, and it should be working... Try removing 'uiaccess=true' from your manifest. On Mon, 14 May 2007 15:01:59 -0400, "AC" wrote: We can't rearchitect the application. We need to support Win98, and we need it to run the way it is. Most (98%?) run our program as a startup program, but some do not. Without getting too detailed, we can't change the application that dramatically. Our testers took the manifest file I gave them, and when they put it in play, all of a sudden the Blocked Programs popup bubble did not come back when they restarted. HOWEVER, the program did not seem to do as expected. We need the application to run whether it's an admin or not an admin. Obviously, an admin installs our app, but from that point, in most cases, the same account will run the application, but in others, it will NOT be an admin running the program. Scheduling via a task scheduler sounds promising, but I need to be able to do this automatically via our installer, and not rely on the users to do that. Are there registry settings/etc I can set? Is there something in my manifest that can be done to get this to work? Our startup "program" does the following: 1) Checks a folder on the local PC to see if an update has been downloaded by our updater (happens during our auto synchronization every evening, and if an update is there) 2) Once the update files areput in their proper places, it launches another EXE, but stays in memory. It monitors this EXE it launched, and if it is shut down, with the right exit code, it knows it's time to apply the update and relaunch. If it exits normally, then it just closes itself as well.. "Jimmy Brush" wrote in message . .. Basically, what I am saying, is that if your program needs administrator privileges AND needs to be interactive on the desktop AND needs to be running on every administrative user's desktop that uses the computer, you need to have the task scheduler start your program instead of Windows Explorer (which starts programs in the startup folder). Windows Explorer cannot start elevated applications without prompting the user (which is blocked for startup apps), Task Scheduler can. If *only* administrators will use your program, or all users on the computer are administrators, you can have your installer register your program with Windows' task scheduler, as i mentioned in my last post, and instruct the task scheduler to start your program when administrators on your machine log in. This will do what you want, but only for administrator accounts on the computer. The task scheduler is just an alternate way of having your program start that will work on vista, as opposed to putting it in the startup folder (which doesn't work for your needs). You can use the task scheduler API's inside your setup program to do this without requiring the end user to do anything special. If your program UI needs to run inside both standard user and administrative accounts, then your program should be rearchitected so that the UI runs as a non-privileged application and the privileged core runs as a Windows Service. In fact, based on what you've said about your application, this might be a better way to implement your application. On Mon, 14 May 2007 14:18:44 -0400, "AC" wrote: Thanks. I tried using the manifest and it did not work. Our program is not installed in the program files directory (unfortunately, I'd love it to be, but the clients AND support staff of our clients do not want it there). I need the program to launch when the user logs in. It's OUR task scheduler which checks for updates, synchronizes with our server, etc etc. It has an UI. It sits in the task tray, and allows the user to show it to see the UI. I'm not 100% following what you say, but I need to have this happen from our install program. I can't expect the users to do anything on their end. "Jimmy Brush" wrote in message m... Hello, Applications that will request from the user permission to run (when UAC is enabled) are blocked from being started in this manner. A few reasons this is so: - The user may not be around to approve the application to start when the computer starts up or the account is logged on - The user would find it very annoying to have to approve your application (and possibly multiple applications) to start every time they log on To "get around" this limitation, instead of putting your application in the startup folder, you can put your application in a secure location (such as Program Files, which is required for uiAccess=true btw, are u sure u really need uiaccess?), and then create an entry in the task scheduler for the administrative user(s) that want your application to run whenever they log in, specifying your application to run on user log-on condition as well as specifying that the application should run with highest privilege. This will allow your application to start "elevated" on the admin's desktop when the specified administrator(s) log in, without prompting them for permission. You can use this task scheduler method for non-admin users, but you are not able to specify that the application run with "highest privilege" for non-admins. If you do, the application will start with highest privilege when the non-admin logs on, but it will start non-interactively in Session 0 (the services session). With UAC enabled, non-admin users should be able to put your program (with the manifest you described) in their startup folder or in the user-specific "run" registry key without being blocked. On Mon, 14 May 2007 13:07:32 -0400, "AC" wrote: Our application installs a .NET 1.1 EXE created with VB.NET into the startup folder on the PC. This works perfectly on Win98SE and XP. If the User Access Control is OFF on Vista, it also works perfectly there. However, if the UAC is on, the program is BLOCKED. I tried to build a manifest file.... assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" asmv3:security asmv3:requestedPrivileges asmv3:requestedExecutionLevel level="asInvoker" uiAccess="true" / /asmv3:requestedPrivileges /asmv3:security /asmv3:trustInfo /assembly It didn't help. Any way to get this program to launch even if the UAC is turned on? Users can launch it by right clicking and allowing it to run, but how can it run normally, like it does on XP, Win98 or Vista when the UAC is off? |
|
Thread Tools | |
Display Modes | |
|
|