Vista UAC - get app to request escalation for a task

"d-42" <db********@gmail.comwrote in message
news:d9**********************************@k36g2000 pri.googlegroups.com...

Hi,

How do I ask for escalation from within a program?

I'm developing a standalone program that can also act as a 'plugin' to
another application. The way the other app was designed, it scans a
plugin folder in its "program files" folder for settings documents
which contain all the settings it needs to know to call the plug-in
apps.

The problem, of course, is permissions. Under vista, even the
administrator accounts are prevented from writing to the folder
without escalation.

So I how do I request escalation so that my program can save the
settings file to its plugin folder? right now it just throws an
exception 'access denied'. I'd be happy if I could get the 'The
program is trying to access a protected folder..." type of message
that they could just accept. After all, it only normally needs to be
done once.

As it stands now, it works if they launch the software using the 'run
as administrator', but I'd prefer it to ask on that one function
instead, if its not a buttload of work.

Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.

On Jul 28, 8:56*pm, "Mr. Arnold" <MR. Arn...@Arnold.comwrote:

"d-42" <db.pors...@gmail.comwrote in message

news:d9**********************************@k36g2000 pri.googlegroups.com...

Hi,

How do I ask for escalation from within a program?

I'm developing a standalone program that can also act as a 'plugin' to
another application. The way the other app was designed, it scans a
plugin folder in its "program files" folder for settings documents
which contain all the settings it needs to know to call the plug-in
apps.

The problem, of course, is permissions. Under vista, even the
administrator accounts are prevented from writing to the folder
without escalation.

So I how do I request escalation so that my program can save the
settings file to its plugin folder? right now it just throws an
exception 'access denied'. I'd be happy if I could get the 'The
program is trying to access a protected folder..." type of message
that they could just accept. After all, it only normally needs to be
done once.

As it stands now, it works if they launch the software using the 'run
as administrator', but I'd prefer it to ask on that one function
instead, if its not a buttload of work.

Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.

But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

-regards,
Dave

"d-42" <db********@gmail.comwrote in message
news:3c**********************************@x29g2000 prd.googlegroups.com...
On Jul 28, 8:56 pm, "Mr. Arnold" <MR. Arn...@Arnold.comwrote:

"d-42" <db.pors...@gmail.comwrote in message

news:d9**********************************@k36g2000 pri.googlegroups.com...

Hi,

How do I ask for escalation from within a program?

I'm developing a standalone program that can also act as a 'plugin' to
another application. The way the other app was designed, it scans a
plugin folder in its "program files" folder for settings documents
which contain all the settings it needs to know to call the plug-in
apps.

The problem, of course, is permissions. Under vista, even the
administrator accounts are prevented from writing to the folder
without escalation.

So I how do I request escalation so that my program can save the
settings file to its plugin folder? right now it just throws an
exception 'access denied'. I'd be happy if I could get the 'The
program is trying to access a protected folder..." type of message
that they could just accept. After all, it only normally needs to be
done once.

As it stands now, it works if they launch the software using the 'run
as administrator', but I'd prefer it to ask on that one function
instead, if its not a buttload of work.

Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.

But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

<http://news.softpedia.com/news/Admin-Approval-Mode-in-Windows-Vista-45312.shtml>

<http://www.computerperformance.co.uk/vista/vista_administrator_activate.htm#Summary_of_Vista_ Administrator_-_Super_User_(Hidden_Account)>

<http://www.codeproject.com/KB/vista-security/MakingAppsUACAware.aspx>

How do I ask for escalation from within a program?

>>
Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.

But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

Same problem here. I'm trying to write an auto updater that (obviously)
needs to write to the "program files" folder. When I set the manifest's
requestedExecutionLevel to requireAdministrator the application can
write there, but with the massive drawback that the user is prompted to
allow the application as soon as it starts.

What I need is that the program only asks for elevation when needed -
that is, if, and only if, it needs to write to "program files".
Any idea how to accomplish that?
(Didn't find any clue in the links provided)

Markus

Markus Mayer schrieb:

>>>How do I ask for escalation from within a program?
Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.

But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

What I need is that the program only asks for elevation when needed -
that is, if, and only if, it needs to write to "program files".
Any idea how to accomplish that?
(Didn't find any clue in the links provided)

Hm. I obviously missed the part saying "This is the only time
applications can do this as applications cannot change their level later
and decide to elevate once running".
Doesn't solve the problem, though. What's the magic of these "shield"
buttons? Do they simply call an executable with a "run as administrator"
constraint?

Markus

On Jul 30, 3:30*am, Markus Mayer
<_nospam_usenet_nospam_@_nospam_defx_nospam_.dewro te:

Markus Mayer schrieb:

>>How do I ask for escalation from within a program?
Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.
But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

What I need is that the program only asks for elevation when needed -
that is, if, and only if, it needs to write to "program files".
Any idea how to accomplish that?
(Didn't find any clue in the links provided)

Hm. I obviously missed the part saying "This is the only time
applications can do this as applications cannot change their level later
and decide to elevate once running".
Doesn't solve the problem, though. What's the magic of these "shield"
buttons? Do they simply call an executable with a "run as administrator"
constraint?

Markus

Based on what I (we have both) read at the codeproject article, it
looks like the process has to be terminated and restarted to get
higher priv's... so I suppose instead of a separate executable, the
menu-item could call the same executable with a 'run as administrator'
and a suitable command line parameter to invoke the feature.

But that's still bloody ugly in my case, since it means the entire
state of the app has to be persisted and restored, to make it
"seamless". For my situation, having it spawn a separate escalated
process to install the plugin file, seems to be the best solution. For
your situation i'd speculate that since you are doing an upgrade, a
terminate and restart as a administrator with command line option to
perform the upgrade is probably acceptable.

cheers,
Dave

On Jul 30, 3:30*am, Markus Mayer
<_nospam_usenet_nospam_@_nospam_defx_nospam_.dewro te:

Markus Mayer schrieb:

>>How do I ask for escalation from within a program?
Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.
But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

What I need is that the program only asks for elevation when needed -
that is, if, and only if, it needs to write to "program files".
Any idea how to accomplish that?
(Didn't find any clue in the links provided)

Hm. I obviously missed the part saying "This is the only time
applications can do this as applications cannot change their level later
and decide to elevate once running".
Doesn't solve the problem, though. What's the magic of these "shield"
buttons? Do they simply call an executable with a "run as administrator"
constraint?

Markus

In follow up I also found this article which is quite informative, and
really, more applicable than the other links we got:

http://www.codeproject.com/KB/vista-...Elevation.aspx

cheers,
Dave

"d-42" <db********@gmail.comwrote in message
news:eb**********************************@k36g2000 pri.googlegroups.com...
On Jul 30, 3:30 am, Markus Mayer
<_nospam_usenet_nospam_@_nospam_defx_nospam_.dewro te:

Markus Mayer schrieb:

>>How do I ask for escalation from within a program?
Your program would use the Vista UAC manifest to provide the needed
credentials during program runtime, look it up use Google.
But I don't want the entire program need escalation, just the one
rarely used feature. I take it that's not possible? That I have to
spin-off the feature into its own executable, and provide a separate
manifest requiring escalation for that?

What I need is that the program only asks for elevation when needed -
that is, if, and only if, it needs to write to "program files".
Any idea how to accomplish that?
(Didn't find any clue in the links provided)

Hm. I obviously missed the part saying "This is the only time
applications can do this as applications cannot change their level later
and decide to elevate once running".
Doesn't solve the problem, though. What's the magic of these "shield"
buttons? Do they simply call an executable with a "run as administrator"
constraint?

Markus

In follow up I also found this article which is quite informative, and
really, more applicable than the other links we got:

http://www.codeproject.com/KB/vista-...Elevation.aspx
Why go through all that? It's free.

http://www.tweak-uac.com/what-is-tweak-uac/

On Jul 30, 3:05*pm, "Mr. Arnold" <MR. Arn...@Arnold.comwrote:

"d-42" <db.pors...@gmail.comwrote in message

Why go through all that? It's free.

http://www.tweak-uac.com/what-is-tweak-uac/

So lets just tell our customers turn off all Vista's security and just
run as administrator? How can you possibly think that to be an
intelligent solution?

Not only will enterprises reject that option, and as a result, reject
our software outright (as they should), but we will perpetuate the
situation that has caused XP to become the malware cesspool it is.

Thanks, but no thanks. I want my software to run within Vista's least
privileged security model, escalate when absolutely needed, and be
accepted by customers and end users.

I look forward to the day when the suggestion to just 'run as
administrator and disable all the security to run our software' is as
laughable on Windows as it is on Linux, OSX, BSD, Solaris, AIX, and
any other respectable OS out there. Its sad that it hasn't reached
that point already.

-cheers,
Dave

d-42 schrieb:

In follow up I also found this article which is quite informative, and
really, more applicable than the other links we got:

http://www.codeproject.com/KB/vista-...Elevation.aspx

cheers,
Dave

Yep, I was about to post that right now. :) That makes the call easier,
but still isn't a good solution. Methinks one could start the process
that way, passing a specific command line argument. On startup, if this
argument is found, only a specific task is done after which the process
exits.

When I watch the Date/Time settings dialog in Vista (a rundll32 process
using timedate.cpl) and click on the "change" button ... hm ... could be
that it runs another "DllHost" process with the elevated priviledges. It
has a GUID as description here on my machine. Can anyone confirm this?

For an updater, the following idea came to my mind: The updater checks
if there is a new version. If there is one, it performs a lookup of all
the referenced assemblies and copies them and itself to a shared folder
in AppData. Once this is done it relaunches itself from there,
requesting elevated permissions if necessary. Then it can download the
new files and write them to program files (and can even overwrite "itself").

Markus

Hello d-42,

On Jul 30, 3:05 pm, "Mr. Arnold" <MR. Arn...@Arnold.comwrote:

>"d-42" <db.pors...@gmail.comwrote in message

Why go through all that? It's free.

http://www.tweak-uac.com/what-is-tweak-uac/

So lets just tell our customers turn off all Vista's security and just
run as administrator? How can you possibly think that to be an
intelligent solution?

Not only will enterprises reject that option, and as a result, reject
our software outright (as they should), but we will perpetuate the
situation that has caused XP to become the malware cesspool it is.

Thanks, but no thanks. I want my software to run within Vista's least
privileged security model, escalate when absolutely needed, and be
accepted by customers and end users.

I look forward to the day when the suggestion to just 'run as
administrator and disable all the security to run our software' is as
laughable on Windows as it is on Linux, OSX, BSD, Solaris, AIX, and
any other respectable OS out there. Its sad that it hasn't reached
that point already.

IMHO we have already reached that point. It truely is laughable to anyone
with half a brain.

Sure you can do it on your own machine when you know exactly what you're
doing and why.

But the suggestion that any company would just accept that as a part of your
software's requirements is downright scary.

I was going to post exactly what you wrote, but I'm pretty sure "Mr Arnold"
has me in a "kill file" so that none of my posts show up for him.

Like many people he has some useful opinions, ideas and commentary but somedays
I think he's not on the same planet as the rest of us.

If I recall correctly he originally got upset with me for backing up Seth
Rowe on some alternate suggestions for someone who wanted to run IIS on WinXP
home.

Strange.

FWIW I agree with others, that your best avenue would unfortunately be an
additional exe which could be elevated just to perform the needed operations
before it quit.

Seems like overkill to restart your entire application just to gain these
rights.

If you find a better solution please post back as I would also be very interested
in hearing about this.

--
Rory

"d-42" <db********@gmail.comwrote in message
news:d4**********************************@u6g2000p rc.googlegroups.com...
On Jul 30, 3:05 pm, "Mr. Arnold" <MR. Arn...@Arnold.comwrote:

"d-42" <db.pors...@gmail.comwrote in message

Why go through all that? It's free.

http://www.tweak-uac.com/what-is-tweak-uac/

So lets just tell our customers turn off all Vista's security and just
run as administrator? How can you possibly think that to be an
intelligent solution?

I guess you have not been in a Vista forum. It seems a resonable solution to
some to be able to trun UAC off and trun it back on when UAC interfears with
install as an example, even running as Admin.

----------------

Not only will enterprises reject that option, and as a result, reject
our software outright (as they should), but we will perpetuate the
situation that has caused XP to become the malware cesspool it is.

I never had a problem with XP in this area nor do corporates or enterprises
that choose to lockdown the environment and the users. And besides, if
corporate or enterprises don't want malware to run on XP, then all that have
to do is not allow the user to run as an Admin on XP.

-----------------------------------------------

Thanks, but no thanks. I want my software to run within Vista's least
privileged security model, escalate when absolutely needed, and be
accepted by customers and end users.

------------------------------------------------

UAC is no golden egg and can be defeated. If the O/S can be fooled, then
anything that runs with the O/S can be fooled too and defeated.

http://clarktech.no-ip.com/microsoft...s-uac-defeated

I look forward to the day when the suggestion to just 'run as
administrator and disable all the security to run our software' is as
laughable on Windows as it is on Linux, OSX, BSD, Solaris, AIX, and
any other respectable OS out there. Its sad that it hasn't reached
that point already.

------------------------------------------

None of those O/S(s) are bullet proof and are Swiss cheese in the wrong
hands. You want to know why they are not bullet proof. That's because
fallible human beings wrote the software and fallible human beings use it
too. When we as human beings are not fallible, then one can expect that
anything we create or do as human beings will not be fallible. And that's
not happening in your or my lifetime.