Requesting Elevation
A program can request elevation in a number of different ways. One way for program developers is to add a requestedPrivileges section to an XML document, known as the manifest, that is then embedded into the application. A manifest can specify dependencies, visual styles, and now the appropriate security context:
Setting the level attribute for requestedExecutionLevel to "asInvoker" will make the application run with the token that started it, "highestAvailable" will present a UAC prompt for administrators and run with the usual reduced privileges for standard users, and "requireAdministrator" will require elevation. In both highestAvailable and requireAdministrator modes, failure to provide confirmation results in the program not being launched.
An executable that is marked as "requireAdministrator" in its manifest cannot be started from a non-elevated process using CreateProcess. Instead, ERROR_ELEVATION_REQUIRED will be returned. ShellExecute or ShellExecuteEx must be used instead. If an HWND is not supplied, then the dialog will show up as a blinking item in the taskbar.
Inspecting an executable's manifest to determine if it requires elevation is not recommended, as elevation may be required for other reasons (setup executables, application compatibility). However, it is possible to programmatically detect if an executable will require elevation by using CreateProcess and setting the dwCreationFlags parameter to CREATE_SUSPENDED. If elevation is required, then ERROR_ELEVATION_REQUIRED will be returned. If elevation is not required, a success return code will be returned at which point one can use TerminateProcess on the newly created, suspended process. This will not allow one to detect that an executable requires elevation if one is already executing in an elevated process, however.
A new process with elevated privileges can be spawned from within a .NET application using the "runas" verb. An example using C#:
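The listing below is an added example, not code from the original page. It tries a normal CreateProcess-style launch first and falls back to the "runas" verb only when Windows reports ERROR_ELEVATION_REQUIRED; the class name ElevatedLauncher and its Start method are hypothetical, and the two error-code constants are the values defined in winerror.h.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;

static class ElevatedLauncher   // hypothetical name, for illustration only
{
    // Win32 error codes (winerror.h).
    const int ERROR_ELEVATION_REQUIRED = 740;  // CreateProcess refused: target needs elevation
    const int ERROR_CANCELLED = 1223;          // user declined the UAC prompt

    // Starts exePath, elevating only if Windows says elevation is required.
    // Returns the new process, or null if the user declined the UAC prompt.
    // Pass a fully qualified path so the target that gets elevated is not
    // resolved through the search path.
    public static Process Start(string exePath, string arguments = "")
    {
        try
        {
            // UseShellExecute = false launches through CreateProcess, which
            // fails with ERROR_ELEVATION_REQUIRED from a non-elevated caller.
            return Process.Start(new ProcessStartInfo(exePath, arguments)
            {
                UseShellExecute = false
            });
        }
        catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_ELEVATION_REQUIRED)
        {
            // Expected for requireAdministrator targets; retry with "runas".
        }

        try
        {
            // UseShellExecute = true launches through ShellExecuteEx, and the
            // "runas" verb asks UAC to show its elevation prompt.
            return Process.Start(new ProcessStartInfo(exePath, arguments)
            {
                UseShellExecute = true,
                Verb = "runas"
            });
        }
        catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_CANCELLED)
        {
            return null;  // confirmation was not given, so nothing was launched
        }
    }

    static void Main(string[] args)
    {
        if (args.Length == 0) { Console.Error.WriteLine("usage: ElevatedLauncher <exe>"); return; }
        Process p = Start(args[0]);
        Console.WriteLine(p == null ? "Elevation declined by user." : "Started PID " + p.Id);
    }
}
```

Any other Win32Exception (file not found, access denied) is deliberately left to propagate to the caller.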
In a native Win32 application the same "runas" verb can be added to a ShellExecute or ShellExecuteEx call.
In the absence of a specific directive stating what privileges the application requests, UAC will apply heuristics to determine whether or not the application needs administrator privileges. For example, if UAC detects that the application is a setup program, from clues such as the filename, versioning fields, or the presence of certain sequences of bytes within the executable, it will, in the absence of a manifest, assume that the application needs administrator privileges.