- Overview
- Choosing a manifest
  - Overview
  - Manifest without specific privileges
  - Manifest with maximum available privileges
  - Manifest with administrator privileges
  - Custom manifest
- Signing an executable
Creating an executable: Manifest management
When running an executable, Windows Vista (and later) performs several checks regarding the rights of the current user via the UAC mechanism (User Account Control). The UAC mechanism ensures that an application does not exploit a user's privileges without his or her knowledge: each application is launched with the minimum possible rights.

When running an executable, the system tries to assess the rights required by the application. For example, the system detects that the application requires Administrator rights if the executable name contains "setup" or "install". If the system establishes that the application requires administrator rights, the UAC is triggered:
- If the user is administrator, Windows Vista (and later) asks for a confirmation.
- If the user is not administrator, Windows Vista (and later) asks for the administrator password.

This validation is requested whenever the executable is run.

If an application is intended to be used in Vista (and later), you must check the operations performed by the application in order to define the requested level of rights. To specify the requested level of rights, all you have to do is include a manifest in your executable. The manifest is used to run the executable with the requested level of rights.

You also have the ability to sign the executable. In this case, the window displayed by the UAC mechanism changes color.

Reminder: If the executable must be signed, specify the certificate to be used. This certificate must be on the Microsoft Store (more precisely on the user store and not on the computer store). The signature standard used is PKCS7. This signature is used to:
- make sure that the executable has not been modified since it was generated.
- display the editor name in the Windows download window.

Remark: To create the executable, pull down the ![](https://doc.windev.com/en-US/images/image.awp?langid=3&name=ico_generation_exe.gif&-1777301345) icon and select "Generate Windows 32-bit executable (.exe)" or "Generate Windows 64-bit executable (.exe)".

Overview

Different types of manifest can be included in an executable. Each type of manifest allows for a specific use mode of the application. The following paragraphs present the details about each type of manifest and when they should be used.

The different types of users are as follows:
- User: Windows user, no specific rights
- Power Users: Windows user with specific rights or belonging to a group with specific rights
- Administrator: User with administrative rights (domain administrator, local administrator, etc.).
The table below presents the elements requested by Windows Vista according to the user and to the type of manifest used:

| | User | Power user | Administrator |
|---|---|---|---|
| Manifest without specific privileges | No confirmation | No confirmation | No confirmation |
| Manifest with maximum available privileges | No confirmation | Ask for confirmation (1) | Ask for confirmation (2) |
| Manifest with administrator privileges | Ask for administrator login | Ask for administrator login | Ask for confirmation (3) |
(1), (2), (3): If the application is launched from another application for which the UAC has already been validated, the confirmation window may not appear.

Manifest without specific privileges

Advantage: The user will be able to launch the application under Windows Vista (and later), even if its name or description contains specific keywords detected by Windows Vista (e.g. "Install", "Setup", ...) as requiring administrator rights. No confirmation is requested when the application is started.

Disadvantage: If the application performs operations requiring specific privileges (writing to part of the registry, writing to system directories, etc.), these operations will fail, and if no specific error handling is provided in the application, no error message will be displayed. The presence of the manifest disables the UAC redirection system.

Manifest with maximum available privileges

The "Manifest indicating that the application requires the maximum available privileges" option is used to start the application in Windows Vista (and later). The executable will be run with all the privileges associated with the user account that runs it.
- If the user is an administrator, a confirmation window will be displayed when running the executable.
- If the user belongs to the "Power user" group, "Replicator" group or any other special group, the window for entering the administrator password will be displayed.

Manifest with administrator privileges

The "Manifest indicating that the application requires the administrator privileges" option is used to start the application in Windows Vista (and later). The executable will be run with all administrator privileges.
- If the user is an administrator, a confirmation window will be displayed when running the executable.
- If the user is not an administrator, a window for entering the administrator password will be displayed.
Custom manifest

The "Custom manifest" option allows you to include a ".manifest" file of your choice in the executable.

Remark: The structure of a ".manifest" file is specific to a particular application.

Example of file:

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="MyApp" type="win32">
  </assemblyIdentity>
  <description>Test application</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security xmlns:ms_asmv3="urn:schemas-microsoft-com:asm.v3">
      <requestedPrivileges>
        <!-- Level of rights requested from UAC when the executable starts -->
        <requestedExecutionLevel level="requireAdministrator">
        </requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

Attention: The default manifest contains information for displaying tooltips and operating certain menu options. To keep these features, the custom manifest must contain the following information:

```xml
<dependency>
  <dependentAssembly>
    <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />
  </dependentAssembly>
</dependency>
```

Signing an executable

If the UAC is enabled in Windows Vista (and later), signing a WINDEV application causes a blue confirmation window to be displayed (instead of an orange one).

To sign a WINDEV application, you must contact a code-signing company. Some examples: Verisign, Thawte, ... These companies will help you install the certificates on Mobile or Smartphone devices.

Remark: The executable creation wizard can be used to sign WINDEV and Mobile executables. Simply select the desired certificate.
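To review what a manifest actually requests before shipping an executable, the check below parses a ".manifest" file and reports the requested level, the prompts listed in this page's table, whether the Common-Controls dependency is present, and whether the executable name would fall back to the "setup"/"install" detection. It is an added example, not WINDEV code: the function names are hypothetical, and the `asInvoker` and `highestAvailable` values and their mapping to the first two manifest options are assumptions (only `requireAdministrator` appears on this page).

```python
import xml.etree.ElementTree as ET

# Prompt per (execution level, user type), transcribed from this page's table.
# Mapping the three WINDEV options to these level values is an assumption.
UAC_TABLE = {
    "asInvoker":            ("none", "none", "none"),
    "highestAvailable":     ("none", "confirm", "confirm"),
    "requireAdministrator": ("admin login", "admin login", "confirm"),
}
USERS = ("user", "power user", "administrator")
KEYWORDS = ("setup", "install")  # name keywords cited on this page


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(manifest_xml, exe_name):
    """Return the requested level and its consequences (hypothetical helper)."""
    root = ET.fromstring(manifest_xml.strip())
    level = None
    common_controls = False
    for el in root.iter():
        if local(el.tag) == "requestedExecutionLevel":
            level = el.get("level")
        elif (local(el.tag) == "assemblyIdentity"
              and el.get("name") == "Microsoft.Windows.Common-Controls"):
            common_controls = True
    # With no declared level, the system assesses rights from the name instead.
    heuristic = level is None and any(k in exe_name.lower() for k in KEYWORDS)
    prompts = dict(zip(USERS, UAC_TABLE.get(level, ())))
    return {"level": level, "prompts": prompts,
            "common_controls": common_controls, "name_heuristic": heuristic}


# Constructed sample: the page's example manifest, trimmed.
SAMPLE = """
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="MyApp" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>
"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE, "MyApp_Setup.exe"))
```

On the sample, `common_controls` is false, which flags the missing dependency described in the "Attention" note above.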