Admin shield-logo on VO apps in Vista
John Martens
it. This shield makes the need for Admin rights to run it.
It is an update app but there is not always the need for Admin rights.
Other VO apps do not have this. Even my Inno setup EXE doesn;t have this.
What's causing the shield to appear ?
John
Stephen Quinn
> What's causing the shield to appear ?
It's just adverting that its prepared to defend itself against the OS<bg>.
CYA
Steve
Dirk Herijgers
Try this (but only working in vista)...
SendMessage(self:Handle(),BCM_SETSHIELD,0,LONG(_CAST,lEnable))
where DEFINE BCM_SETSHIELD := BCM_FIRST+0x000C
--
Mathias
in a resource statement like
resource CREATEPROCESS_MANIFEST_RESOURCE_ID RC_RT_MANIFEST %appwizdir%
\requireAdministrator.man
If an administrator runs this program he has to allow it to run in a
separate dialog. If a normal user runs it he has to specify an
administrator account and password to run it.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="VO.Application"
type="win32"
/>
<description>Visual Objects Application.</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Mathias
John Martens
What does it do ?
I want to be able to run the app also without Admin rights. Sending the
message to itself requires the app to be running ?!
John
Dirk Herijgers schreef:
John Martens
In none of my apps I use a manifest file so I do not see (yet) what
causes two apps to behave different concerning the icon.
John
Mathias schreef:
Mathias
file to see if it needs admin rights to run. Your Inno installation is
probably recognized by a bit pattern. The manifest can tell vista óne
of the following things;
* Require administrator priviledges to run. If these rights are not
given the application is not started at all. A shield is automatically
added to the application/shortcut icon.
* Run as Invoker. Normal user rights. You can't write anything in c:
\program files or c:\windows and a couple of more folders.
* Run with the best priviligies possible (Same as the user). Don't
remember the manifest for this (I'm at home now). I'll post another
message tomorrow...
Mathias
> >> John- Dölj citerad text -
>
> - Visa citerad text -
JR-INFO
administration rights...
In Vista you can disable the UAC ( User Access Control ) from your Control
Panel in the Account folder. However, this will disable this option for your
whole machine, including the normal users that do not have administrator
rights.
You can disable this prompt window for administrators only by changing the
following HKEY_LOCAL_MACHINE with the RegEdit.exe program ( this change
requires that RegEdit to be run as administrator ) :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Thevalue of "ConsentPromptBehaviorAdmin" must be 0 ( zero ).
Value 0 = No prompt at all.
Value 1 = Prompt that requires to enter an admistrator password(even if you
are an administrator ).
Value 2 = ( Default ). Prompt that requires an acceptance only.
Note: Normal users will be asked to enter an administative password...
Jean
http://www.rayonline.com
http://www.rayonline.com/jrinfo/faq.htm#q7
"Mathias" <mathias....@consultec.se> a écrit dans le message de
news:1af180b0-5305-4d59...@26g2000hsk.googlegroups.com...
Stephen Quinn
> Your Inno installation is probably recognized by a bit pattern.
The bit pattern is having 'setup' or 'install' as the filename or part of
the filename IIRC.
Paul Piko
>
> The bit pattern is having 'setup' or 'install' as the filename or part of
> the filename IIRC.
See here: http://technet.microsoft.com/en-us/magazine/cc138019.aspx, the
part "Conveniently Accessing Administrative Rights".
"There are a number of ways the system and applications identify a need for
administrative rights. One that shows up in the Explorer UI is the "Run as
administrator" context menu entry and shortcut option. These items include a
colored shield icon that should be placed on any button or menu item that
will result in an elevation of rights when it is selected. Choosing the "Run
as administrator" entry causes Explorer to call the ShellExecute API with
the "runas" verb.
The vast majority of installation programs require administrative rights, so
the image loader, which initiates the launch of an executable, includes
installer detection code to identify likely legacy installers. Some of the
heuristics it uses are as simple as detecting if the image has the words
setup, install, or update in its file name or internal version information;
more sophisticated ones involve scanning for byte sequences in the
executable that are common to third-party installation wrapper utilities.
The image loader also calls the application compatibility (appcompat)
library to see if the target executable requires administrator rights. The
library looks in the application compatibility database to see if the
executable has the RequireAdministrator or RunAsInvoker compatibility flags
associated with it.
The most common way for an executable to request administrative rights is
for it to include a requestedElevationLevel tag in its application manifest
file. "
--
Paul
----
Piko Computing Consultants & VO Productivity Pack
http://www.piko.com.au
Vulcan.NET
http://www.govulcan.net
Vulcan Mind Meld
http://www.vulcanmindmeld.net
Mathias
asInvoker
The application runs with the same access token as the parent process.
Recommended for standard user applications. Do refractoring with
internal elevation points, as per the guidance provided earlier in
this document.
highestAvailable
The application runs with the highest privileges the current user can
obtain.
Recommended for mixed-mode applications. Plan to refractor the
application in a future release.
requireAdministrator
The application runs only for administrators and requires that the
application be launched with the full access token of an
administrator.
Recommended for administrator only applications. Internal elevation
points are not needed. The application is already running elevated.
Note that the virtualization functionality only is active for unmarked
applications. An application with execution level "asInvoker" who
tries to write in c:\windows will fail.
About Vista installer detection;
Installer Detection only applies to:
1. 32-bit executables
2. Applications without a requestedExecutionLevel
3. Interactive processes running as a standard user with UAC enabled
Before a 32-bit process is created, the following attributes are
checked to determine whether it is an installer:
• Filename includes keywords like "install," "setup," "update," etc.
• Keywords in the following Versioning Resource fields: Vendor,
Company Name, Product Name, File Description, Original Filename,
Internal Name, and Export Name.
• Keywords in the side-by-side application manifest embedded in the
executable.
• Keywords in specific StringTable entries linked in the executable.
• Key attributes in the resource file data linked in the executable.
• Targeted sequences of bytes within the executable.
Mathias
John Martens
I'll think I can check out what causes the Admin shield.
John
John Martens schreef:
John Martens
Thanks.
John Martens schreef: