Jaa


A referral was returned from the server.

I encountered this strange error while playing with a sample to elevate the executable from the starting. Just imagine, that you require your application to run in admin mode to work successfully; in windows vista, we have the functionality of adding the elevation manifest embedded inside the executable and give user the prompt that elevate the executable otherwise application can not run.

Following is a very good article on how to do this,
https://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspx

Following is the whitepaper which might also help,
https://www.microsoft.com/downloads/details.aspx?FamilyID=BA73B169-A648-49AF-BC5E-A2EEBB74C16B&displaylang=en

But while modifying it and playing with my sample code, I got following error.

After little bit of more research, found that GUI applications do not require,

uiAccess=""true"" line.. and if it is there, it would not work.

Solution: So, Solution to this problem is, either remove the line uiAccess=""true"" or else, make the modification and set it to ""false"". After doing the modification, could get it to working properly.

Comments

  • Anonymous
    March 06, 2008
    Hello Jigar, I recently got the same error. I found, it is not exactly because of the uiAccess = “true” in the manifest. You might need some application which have following manifest. Please notice “<requestedExecutionLevel level="requireAdministrator" uiAccess="true" />”

<?xml version="1.0" encoding="utf-8" ?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">  <assemblyIdentity version="1.0.0.0"       processorArchitecture="X86"       name="Sample"       type="win32" />  <description>Sample Manifest Test Application</description>  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">    <security>      <requestedPrivileges>         <requestedExecutionLevel level="requireAdministrator" uiAccess="true" />        <!--<requestedExecutionLevel level="asInvoker" /> -->        <!-- <requestedExecutionLevel level="highestAvailable" uiAccess = "true"/> -->      </requestedPrivileges>    </security>  </trustInfo> </assembly> By specifying UIAccess=”true” in the requestedPrivileges attribute, the application is stating a requirement to bypass UIPI restrictions on sending window messages across privilege levels. Windows Vista implements the following policy checks before starting an application with UIAccess privilege. The application must have a digital signature that can be verified using a digital certificate that chains up to a trusted root in the local machine Trusted Root Certification Authorities certificate store. The application must be installed in a local folder application directory that is writeable only by administrators, such as the Program Files directory. The allowed directories for UI automation applications are: %ProgramFiles% and its subdirectories. %WinDir% and its subdirectories, except a few subdirectories that are excluded because standard users have write access. This error typically occurs if the app is not signed properly or the verification fails. You would need to follow three steps here

  1. Create and Embed an Application Manifest with Your Application
  2. Authenticode Sign Your Application
  3. Run you application from a trusted location. For example %ProgramFiles% and its subdirectories. Here is a detailed article which talks about step 1 and 2. Windows Vista Application Development Requirements for User Account Control Compatibility http://download.microsoft.com/download/5/6/a/56a0ed11-e073-42f9-932b-38acd478f46d/WindowsVistaUACDevReqs.doc Step Six: Create and Embed an Application Manifest with Your Application (Page 63) Step Eight: Authenticode Sign Your Application (Page 72) -Prateek
  • Anonymous
    March 06, 2008
    Thanks for the comment Pratik. My sample started working after removing uiAccess element, so I thought it to be a solution, but there must be some unexplored area from my side, I guess.