Why does my application requires an elevated privilege?

  • Article

I am writing an internal utility, and it bugged me that my utility requires an elevated privilege. I like the UAC prompt in Windows Vista, if an app tries to do something critical, I would like to know who wants to do it, and why. The why part sometimes are not clear, but it is better than nothing.

But my application does nothing that requires elevated privilege. Out of curiosity, I removed all code and references. My application essentially just a blank console application that does nothing, and it still requires an elevated privilege. WHY????????

One advantage of working for Microsoft is that this is a place of hard-working, smart, and also kind people. If you ask nicely, you can get some answers, if they are not too busy. :)  So I asked the team, and I got the answer. My application has 'Update' string in its name. The name triggers UAC.

I renamed my app, and it still requires UAC, I suspect because my assembly name has 'update' string in it. Oh well, the pointer that was given to me, tells me to create an application manifest, either embed it or put in on the same folder with the app. It works great.

Some would think UAC is bad, but it is there to protect the user. If you want to give your application user a great experience, make sure your app won't prompt for UAC if it is not necessary. These are some links that are helpful:

Tips and Tricks for Using Key Windows Vista Native API's from Managed Code
(https://download.microsoft.com/download/c/9/3/c934f4fb-25e3-42a6-ad15-97775994927c/WindowsVistaTipsAndTricks.ppt)

Windows Vista Application Development Requirements for User Account Control Compatibility
(https://download.microsoft.com/download/5/6/a/56a0ed11-e073-42f9-932b-38acd478f46d/WindowsVistaUACDevReqs.doc)

If you want to create a manifest file, create a text file, and change the name of the text file to match your application name, complete with EXE and give an extension ".manifest", for example, an executable 'UpdateFile.exe', set it to 'UpdateFile.exe.manifest'. Edit the file with your text editor of your choice as follow:

<?xml version="1.0" encoding="utf-8" ?>

<assembly xmlns="urn:schemas-microsoft-com:asmv.v1"

          manifestVersion="1.0">

  <assemblyIdentity version="1.0.0.0"

    processorArchitecture="X86"

    name="AppName"

    type="win32" />

  <description>App Description</description>

  <trustInfo xmlns="urn:schemas-microsoft.com:asm.v2">

    <security>

      <requestedPrivileges>

        <requestedExecutionLevel level="asInvoker" />

      </requestedPrivileges>

    </security>

  </trustInfo>

</assembly>

Update the attribute in Italic as necessary, and you are good to go, your user will have a better user experience.

Comments

  • Anonymous
    September 15, 2007
    PingBack from http://msdnrss.thecoderblogs.com/2007/09/15/why-does-my-application-requires-an-elevated-privilege/

  • Anonymous
    September 15, 2007
    This is by design. Automatic Elevation occurs on programs without an application manifest if their name implies that they are used in a way that might require elevation, most notably, "setup","instal","updat" etc. This reduces the amount of times that you run a legacy (Windows XP or previous) application that needs elevation from running and crashing because of insufficient priviledges first.

  • Anonymous
    September 15, 2007
    Thanks Matt, After reviewing the doc, I understand that this is by-design.  I hope other devs will update their applications with the manifest to give their users a better experience.

  • Anonymous
    February 29, 2008
    Guess the secret word, and maybe your application will run properly under Vista UAC!

  • Anonymous
    October 06, 2009
    It seems manifest file should not be younger than application one. At least on Windows Server 2008 SP1.