Why does a simple console app require administrative privileges?
program LTUpdate;
{$APPTYPE CONSOLE}
begin
WriteLn('Hello World');
end.
If I run this program from a command prompt nothing happens.
If I run the command prompt with administrative rights and then this program it outputs:
Hello World
Is there somewhere a checkbox in the project which sets the app to require administrative rights?
(The final program will connect to a database, get some fields and update it elsewhere, now I could do it via VCL... but I thought I'd try a simple console app this time.)
Your app is being compiled as 32bit, and lacks a UAC manifest containing a requestedExecutionLevel value, so UAC's "Installer Detection" feature kicks in, which is why your app requires elevation:
https://learn.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works
Installer detection technology
Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users do not have sufficient access to install programs. Windows 10 and Windows 11 heuristically detect installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows 10 and Windows 11 also heuristically detect updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
Installer detection only applies to:
32-bit executable files.
Applications without a requested execution level attribute.
Interactive processes running as a standard user with UAC enabled.
Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:
The file name includes keywords such as "install," "setup," or "update.
"Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
Keywords in the side-by-side manifest are embedded in the executable file.
Keywords in specific StringTable entries are linked in the executable file.
Key attributes in the resource script data are linked in the executable file.
There are targeted sequences of bytes within the executable file.
The simplest way to fix this is to add a UAC manifest to your app to specify an execution level:
Go to "Project Options | Application | Manifest"
Enable "Auto Generate"
Set "Execution Level" as needed (in this case, "As Invoker" will suffice).
Otherwise, you would have to either recompile your app as 64bit, or change its name and version resource to avoid the designated keywords.
Related
I use opendialog to load file to application path . is there any way to load the file to %userprofile% > AppData > Local > VirtualStore > Program Files > MyApplication Folder, it is because users should not see the the loaded file
Windows will automatically show applications the "VirtualStore" files for old applications. This is done to try and make sure that old applications build before UAC continue to run correctly. To turn off this behavior you need to add a application manifest to your program. This will make windows turn off the VirtualStore behavior both for files and registry entries.
Here is a good page that describes what is happening in detail:
http://www.codeproject.com/Articles/17968/Making-Your-Application-UAC-Aware
The manifest is an XML resource file that can be embedded into the application. In terms of UAC, this serves 2 purposes. Firstly it tells the operating system that the application has been designed with UAC in mind, and that it therefore should not attempt to virtualize any folders or registry settings. If the application still attempts to access protected resources after making its declaration, then these requests will simply fail rather than virtualize. The other thing it does is allow the application to state the privilege level at which it needs to run, and whether it requires elevation.
There are several questions already on StackOverflow that deal with creating and adding an application manifest to Delphi 7 projects. Here is one link to get you started:
Delphi 7 vista / windows 7 manifest
Once you tell windows that you know about the new version of Windows via the manifest you will need to make sure that you are playing by the new rules and don't write data back to any of the protected locations.
I have a single executable which, via InnoSetup, installs into Program Files\FolderName by default. The exe has a 3rd party component which goes online to check for new versions and downloads them, then does a bit of fiddling to replace the exe - simple stuff. The problem is, it can't do this in Program Files because of the necessary security there. I was reading Windows 7 - Can't update my program's files in C:\Program Files in which David Hefferman gives a solution but then seems to say it's a bad idea - but I don't know whether the bad idea bit refers to his solution or to the OP's comments!
So what is the preferred method by which a program can update itself? One that will work on XPSP3 to Win8. I can't seem to find the right phrase to enter into Google that gives me relevant results. Ignore digital signatures and suchlike for now, for simplicity.
(Please note, it may look like I worded that as an opinion question but it's not - there must be some MS-endorsed way of doing it that I can't find. FWIW this is a Delphi program but any Win32 notes will do)
That 3rd party update utility needs to be run with administrative privileges, you can achieve that programmatically.
There is nothing wrong with installing your application in Program Files, that is the designated purpose of this folder. However, user data that is used by the application should be stored in a different location.
However you run that 3rd party Utility, you should first check the Windows OS version to see if fiddling with UAC is really necessary(Vista+...) and then run the utility in the elevated state.
He says its "extremely bad practice" to fiddle with your system so that normal users can write in "Program Files".
If your program is in "Program Files" it's installed with System Admin rights. So updates need also be installed with System Admin rights.
You can configure InnoSetup to request admin-rights so you can write to "Program Files" but if the 3rd party component does not do this its best to install everything in an other directory.
i.e. C:\Your_Program
That way your 3rd party component can write there.
There are several options here:
The easiest: make updater as a separate program with manifest, which requires admin privileges. Also you can ask for admin privileges when you start your updater. Or you can move your updater into out-of-process COM object instead of separate exe.
You can create hidden user with admin rigths during installation of your program. Then you will run your updater with credentials of this user.
You can install system service during installation of your program and this service will run from system account. So your updater will be implemented as a service.
I have an EXE running with normal privileges, but there are cases (for example using VSS / volume shadow copy) where I need admin privileges (if I'm not mistaken)
The idea is to put the code that needs extra privileges in a separate EXE and launch it as needed.
It's something that I'll rarely need, but I still need to have it as a last resort option (this is to say that I'll rarely need to call it, maybe once/twice a day on average)
My question is: How can I call an admin-elevated process from a normal EXE?
On Vista and later with UAC enabled, the best option is to provide the second EXE with a UAC manifest (preferrably embedded as a resource, but can also be done with an external .manifest file) that sets the requestedExecutionLevel value to requireAdministrator. Then you can just CreateProcess() the EXE file normally. If providing a manifest is not an option, or if you need to support XP and/or non-UAC setups, then you can use ShellExecute/Ex() specifying the "runas" verb instead. Under any of these setups, the OS will prompt the user for permission and account credentials, and then apply the appropriate security rights to the new process as needed.
Another option is the third-party CreateProcess...Elevated() (and ShellExecute...Elevated()) implementations provided in this article:
Vista UAC: The Definitive Guide
I have made a simple installer application in Delphi, nothing fancy. Basically I include files into the Exe, and then extract them to a user specified path.
I stumbled across a problem however, and I have noticed this works with ANY Windows Executable, it does not matter if it is an installer or not.
If an Exe is named, or contains the following words in the filename, "Setup", "Build", "Install" and maybe others, then.. whenever the Application is run and closed, Windows pops up a Product Compatibility Assistant dialog, saying the Application may not have installed correctly.
This is a problem, as even though the Files from my installer have actually extracted, and in my eyes the installer has done its job, Windows is complaining about it.
The only idea I have regarding this, is that Windows must check the filename of the Applications when executed, and in this case has identified it as an Installer. Windows must of then set a flag or something on the System, my Installer must then update this flag to say that the installation was a success?
Windows does not complain about this when debugging from the IDE, so it cannot be code related, it must be the OS - this only happens when launching the Application from Windows, not Delphi.
You can try this easily, either create an Application or rename one as Setup.exe, Run it and then close it - wait a few seconds and the Product Compatibility Assistant Dialog will show.
I don't know where to start investigating how to stop this dialog, or where a setting may be to tell Windows the Installer was completed correctly.
Appreciate your thoughts and solutions thanks.
If I recall correctly, this happens when your install app does not include an application manifest. When UAC was introduced, MS introduced a heuristic detection for installers and shows the UAC elevation dialog. The heuristic checks for names like setup.exe, install.exe. The simple solution is to include an application manifest. If it is an installer you probably want to use the requireAdministrator setting.
The feature is known as Installer Detection and is discussed here.
For what it is worth, I would always build an installer with a dedicated install tool like InnoSetup for example.
As David pointed out, MS uses some fuzzy logic to try to guess if the program is an installer. I wouldn't rely on this, as this is only for supporting legacy installer applications.
All new applications should have a manifest file, specifying whether it requires elevated privileges.
If an application has a manifest file that includes the requestedExecutionLevel directive, then Windows does not attempt Installer Detection.
Any program that is detected as an installer program but does not add a registry entry to the Add Remove Programs section of the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) will get the message "This program might not have installed correctly".
I'm using D2010 under Windows 7 to write an app that seems to require admin rights (I think because it uses COM to communicate with a third party .exe, which also requires admin rights).
I've added the manifest resource as required, but when I try to debug the app from the IDE, it reports
"Unable to create process. The
requested operation requires
elevation"
...and it won't run. If I run Delphi as administrator, then my app runs correctly, but this feels like a dangerous brute force approach, especially as most of the apps I develop don't need admin privileges.
Is there any way of getting Delphi to prompt for elevation just when I run my app, rather than having the whole IDE run elevated?
UAC also catches any application that has the words "setup", "update" or "install" in their name or in many of the Version Resource fields. (Company name, App Name, Description etc.
It considers any such application to be a potential "installer" application and therefore must be run with Admin privileges.
Sounds crazy, but it's true. See the "Installer Detection" section in this document.
You can get around this by including a manifest that says that it doesn't need admin privileges.
There is none, it also doesn't work for VS:
https://stackoverflow.com/questions/3265787/how-do-i-debug-an-process-as-elevated-with-visual-studio-2008-sp1-on-windows-7
I guess you could run the remote debugger elevated and attach the IDE using remote debugging though.
It doesn't work, because the process is running as another user (or using another user token).
The IDE is trying to run the debugging process using CreateProcess and that fails when the application requires elavation, more details can be found in this article:
http://www.codeproject.com/KB/vista-security/UAC__The_Definitive_Guide.aspx
RAD Studio could run the application using ShellExecute with the "runas" verb, but this still doesn't solve the "debugging process under other user context" issue.
In other words: An elevated process can only be debugged by an elavated debugger.
Edit:
The Delphi XE2 IDE is 32-Bit and can debug 64-Bit applications only through the remote debugger (which is cleverly hidden from the user).
I guess Embarcadero could make it possible to debug elevated applications in a similar fashion.
The only way I know to debug such an app is to run the IDE as administrator. I wouldn't recommend doing this routinely, just for debugging sessions.
Actually it may be possible to debug a process with "higher level access" from a process with "normal level access".
At least until Windows XP it is sufficient to add your user account to the Debugger Users group to debug processes running e.g. with Administrator privileges.
That doesn't solve Delphi 2010s problem to run the process at all, but may be useful if you try to attach the debugger to a already running process.
I don't think this works on UAC enabled Vista+, but I thought I'd mention it anyway. :)
To be exact the UAC split token concept disables the SeDebugPrivilege:
http://blogs.msdn.com/b/greggm/archive/2006/03/30/565303.aspx
http://blogs.msdn.com/b/mithuns/archive/2006/04/04/568291.aspx
Run Delphi (any version) as Administrator.
You can change Delphi shortcut properties also (to run it always as administrator).