PC SOFT

ONLINE HELP
 WINDEVWEBDEV AND WINDEV MOBILE
  • Overview
  • Choosing a manifest
  • Overview
  • Manifest without specific privileges
  • Manifest with maximum available privileges
  • Manifest with administrator privileges
  • Custom manifest
  • Signing an executable
WINDEV
WindowsLinuxUniversal Windows 10 AppJavaReports and QueriesUser code (UMC)
WEBDEV
WindowsLinuxPHPWEBDEV - Browser code
WINDEV Mobile
AndroidAndroid Widget iPhone/iPadIOS WidgetApple WatchMac CatalystUniversal Windows 10 App
Others
Stored procedures
Overview
When running an executable, Windows Vista (and later) performs several checks regarding the rights of the current user via the UAC mechanism (User Account Control).
The UAC mechanism is used to make sure that an application does not exploit the privileges of a user without his knowledge: each application is started with the least necessary rights. When running an executable, the system tries to assess the rights required by the application. For example, the system detects that the application requires Administrator rights if the executable name contains "setup" or "install".
If the system establishes that the application requires specific rights, requiring to be administrator, the UAC is triggered:
  • If the user is administrator, Windows Vista (and later) asks for a confirmation.
  • If the user is not administrator, Windows Vista (and later) asks for the administrator password.
This validation is requested whenever the executable is run.
If an application is intended to be used in Vista (and later), you must check the operations performed by the application in order to define the requested level of rights. To specify the requested level of rights, all you have to do is include a manifest in your executable. The manifest is used to run the executable with the requested level of rights.
You also have the ability to sign the executable. In this case, the window displayed by the UAC mechanism changes color.
Reminder: If the executable must be signed, specify the certificate to use. This certificate must be found in the Windows store (more precisely in the user store and not in the computer store). The signature standard used is PKCS7.
This signature is used to:
  • make sure that the executable was not modified since its generation.
  • display the editor name in the Windows download window.
For more details on how this mechanism works, see UAC mechanism.
Remark: The executable creation is performed by expanding the icon and by selecting "Generate the 32-bit Windows executable (.exe)" or "Generate the 64-bit Windows executable (.exe)".
Choosing a manifest

Overview

Different types of manifest can be included in an executable. Each type of manifest allows for a specific use mode of the application.
The following paragraphs present the details about each type of manifest and when they should be used.
The different types of users are as follows:
  • User: Windows user, with no specific rights
  • Power user: Windows user with specific rights or belonging to a group with specific rights
  • Administrator: User with management rights (domain administrator, local administrator, ...).
The table below presents the elements requested by Windows Vista according to the user and to the type of manifest used:
UserPower userAdministrator
Manifest without specific privilegesNo confirmationNo confirmationNo confirmation
Manifest with maximum available privilegesNo confirmationAsk for confirmation (1)Ask for confirmation (2)
Manifest with administrator privilegesAsk for administrator loginAsk for administrator loginAsk for confirmation (3)
(1), (2), (3): If the application is started from another application for which UAC has already been validated, the confirmation window may not be displayed.

Manifest without specific privileges

Benefit: The user will be able to start the application in Windows Vista (and later) even if the name or the description contains some specific keywords detected by Windows Vista ("Install" or "Setup" for example) as requiring the administrator rights.
No confirmation is requested when the application is started.
Drawback: If the application performs operations that require specific privileges (write into the registry, write into the system directories, ...), these operations will fail and no error message will be displayed if no specific process of the error is performed by the application. The presence of the manifest cancels the redirection system of UAC.

Manifest with maximum available privileges

The "Manifest indicating that the application requires the maximum available privileges" option is used to start the application in Windows Vista (and later). The executable will be run with all the privileges associated with the user account that runs it.
If the user is an administrator, a confirmation window will be displayed when running the executable.
If the user belongs to the "Power user" group, "Replicator" group or any other special group, the window for entering the administrator password will be displayed.

Manifest with administrator privileges

The "Manifest indicating that the application requires the administrator privileges" option is used to start the application in Windows Vista (and later). The executable will be run with all administrator privileges.
If the user is an administrator, a confirmation window will be displayed when running the executable.
If the user is not an administrator, a window for entering the administrator password will be displayed.

Custom manifest

The "Custom manifest" option allows you to include a ".manifest" file of your choice in the executable.
Remark: A ".manifest" file has a specific structure. Example of file:
<?xml version="1.0" encoding="UTF-8" stand-alone="Yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="MyApp" type="win32">
</assemblyIdentity>
<description>Test application</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security xmlns:ms_asmv3="urn:schemas-microsoft-com:asm.v3">
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator">
</requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Caution: The default manifest contains information such as how to display tooltips and how to use certain menu options. To find these features, the custom manifest must contain the following information:
<dependency>
   <dependentAssembly>
       <assemblyIdentity
           type="win32"
           name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
           processorArchitecture="X86"
           publicKeyToken="6595b64144ccf1df"
           language="*"
       />
   </dependentAssembly>
</dependency>
Signing an executable
If the UAC is enabled in Windows Vista (and later), the signature of a WINDEV application triggers the display of a blue confirmation window (instead of orange windows).
To sign a WINDEV application, you must contact a company for code signature. For example: Verisign, Thawte, ...
These companies will help you install the certificates on Mobile or Smartphone devices.
Remark: The wizard for executable creation is used to sign the WINDEV and Mobile executables. Simply select the desired certificate.
See also
Minimum version required
  • Version 11
Comments
Click [Add] to post a comment