I have a program that needs to run with normal privileges. To prevent piracy, at the launch of our application we launch a License Manager application that needs to run with Elevated Privileges. Upon enquiring with our vendors, the License Manager seems to have this elevated privileges added in its app.manifest file which is necessary to read some kind of Disk ID information, so it is mandatory (we cannot reduce its privilege requirements).
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
The application successfully launches the License Manager if it is placed in a normal folder. However when it is placed in Program Files folder, it seems to close at launch with no intimation.
We also checked running the application with normal credentials without adding the License Manager (it works fine).
Do we need some sort of settings to be changed either in registry or in some other windows settings to enable launching elevated privileged application from normal account. Or perhaps some code snippet needs to be added at the code launch section which can enable this scenario.
We have even tried pasting the folder created in Program Files to the Desktop (it also runs fine).
OS: Windows 7
Please let me know if any additional information is needed form my side. Any help in this direction is appreciated.
My Humble appologies for assuming problem with Program Files Directory.
It turned out that the logs written by the License Manager were being written in the current application execution folder. The problem was caused by trying to write the log to Program Files folder when the appliction did not have the permissions to write a text file to this folder.
The logging logic was shared between the License Manager (from the program we called a function that was defined in the License Manager, which was writing logs) and the application running from the Program Files folder.
We changed the log creation folder to AppData folder. This has caused the applicaiton to launch successfully.
Cause Conclusion:
Writing log file in Program Files folder from an application that did not have admin privilege.
Note: I have added this post and this answer purely to help other like me, in case they dont have a solution in this type of scenario.
Related
I have a simple Windows Form application(WPF) with entity framework. After compiled, only a few files generated:
EntityFramework.dll
EntityFramework.xml
MyApp.exe
MyApp.application
MyApp.exe.config
...
Then I just copy following files to a network shared folder:
EntityFramework.dll
MyApp.exe
MyApp.exe.config
Then I can double click on MyApp.exe from developer computer the launch the app, but can not launch from another end user computer.
How to resolve this problem?
When you double click, app is not launching means certainly it is crashing so type the command eventvwr in run or cmd it'll open the Event viewer in that go to Windows Logs and Click on Application, you can see different levels of logs in that just find the last error log view the details it might help you
Have a look in the event log on the target computer and look at the error that is actually being reported.
It could be a missing installation of the correct version of the DotNet framework as suggested in the comments above, or it could also be that the execution policy of the target computer is preventing the user from running from a network drive (As a developer you probably have admin rights on your local pc allowing you to do this).
Whatever the actual cause you are always better to use some form of installer, rather than this form of putting files on the network (commonly known as xcopy deployment).
Probably the best solution is to use Visual studio to generate you a click once installer and publish it to your network drive. This will then copy the application locally on the users pc and run it from there.
hi the win mobile 6 code tries to write files on network shared folder, but always gets UnauthorizedAccessException. I have checked permission and security setting on the folder and the code can read the file but just cant write to it. The code runs under administrator account which has full control over the folder and files. It is in vs 2008 professional with device emulator.Any help please? thanks very much.
You've verified that you can write the file outside of your program, correct? i.e. logged into a machine account and tried placing that specific file there.
Do you have access to the system that hosts the file? If so, you can check it's access logs to verify which account your app is using.
My guess would be that either your app isn't using the account you think it is, or that the admin account may doesn't actually have write access to that folder or file.
I've become familiar with the new concept of "out of browser" web applications, supported in the recent Silverlight, JavaFX, Adobe AIR etc.
Listening recently to a podcast on the subject by Scott Hanselman, I've become aware that one of the purposes behind these new architectures is to allow for "desktop-application-feel". Also, I understand some (or all) of these allow for some offline access to a sandbox of resources. This really sounds as if these frameworks could be an alternative to "real" desktop applications, as long as the application does not require messing with the user's machine (i.e. access to peripherals, certain file IO, etc).
I have a very specific question. My application needs to run at start-up. Is it possible to do so using such a framework without requiring the user to download and run a certain executable?
For example, I could always direct the user to download a small EXE that will put a .lnk file in the start-up directory, but I want to avoid such a patch.
To summarize: is it possible to have an out-of-browser web application setup itself to run at start-up without requiring file download?
To further clarify, this question does not come from an "evil" place, but rather from trying to decide whether "out-of-browser" frameworks are indeed a proper alternative to a desktop application, for my specific requirements.
The BkMark example here shows how to start an application on startup using Adobe Air. So, yes it is possible.
So, here's the deal: web apps in general will have a security context around them, and by default won't have access to write to the filesystem (outside of a temp files), access the registry, etc.
One way is, as you said, have the user run something or configure it so the lnk is executed on startup.
Another way, and I think, more in line of what you want, is that the user can run the program himself, click some button in the application, and it's configured.
I know with Java you could do this, but the user has to allow full access to their system, because your app would need to change System configuration. Then you could just configure it (by writing a lnk to your WebStart JNLP in the Startup folder)
For Internet Exploder, Javascript apps do have write access to the disk.
For other (better-secured) browsers you will either need to have a download, or Adobe AIR.
Assuming you are building for Windows, launching an executable at startup can be done several ways.
For user session startup, you can achieve this either by putting a lnk file in the appropriate folder, or with a registry entry. For operating system startup, you can achieve this with a registry entry. There are several permutations:
run application once on boot (UI not allowed)
run application every boot (UI not allowed)
start service every boot according to policy set in registry
run application once on user session start
run application every user session
Since an out of browser application has UI I expect you mean run application every user session and in this case you may as well put an LNK file in the user's startup folder.
I just created a shortcut for an SL4 OOB application, and this was the Target of the shortcut:
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 2635882436.localhost
A search of my disk revealed that location 2635882436.localhost is a folder.
C:\Users\<mylogin>\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\2635882436.localhost
I rather doubt an OOB app of any type could place a shortcut in the Startup folder unless you somehow obtained Full Trust.
I have a program that works fine if UAC is turned off. I want to be able to use a manifest to have it simply request elevation privileges when it launches.
The instructions from MS say "The application manifest file should have the same name as the target executable file with a .manifest extension" and that's probably why I am not having any success.
http://msdn.microsoft.com/en-us/library/bb756929.aspx
My program is built as "one.exe" and then {SmartAssembly} renames it to "two.exe" and then the users are encouraged to rename it again. I can't tell if that matters or which executable name to use.
Does anyone know if what I want is even possible? If not, is there a way to have the app tell the user that the problem us UAC related?
Thanks in advance.
Embed the manifest as a resource inside your .exe
I don't really understand windows UAC...
I need for my program to be able to update and add files to a specific directory belonging to a program. This directory may be a subdirectory of an application in Program Files, for example c:\Program Files\MyApp\Data or it may be installed elsewhere.
I believe that if it's under Program Files then my program will be prevented from writting there unless it is running as an administrator AND has elevated it's access rights. Is that correct?
I need to be able to update files in that directory preferable without invoking elevated privileges and with the main application still "protected", just allow access to that one directory. I can't move the Data folder elsewhere as this as it's a 3rd party application I need to interface with.
How is it determined that UAC is needed for folders in Program Files? Is Program Files special in some way or is just permissions? If I were to adjust the permissions on that Data subdirectory so that the user account running the program had write access would that allow my application to update files in that directory without special privileges?
Or is there a better way to achieve this that I'm not thinking of? My update program needs to be in java so getting elevated privileges is a pain. I imagine I'll need to write a C++ wrapper to run the java VM so that i can give that wrapper an appropriate manifest. Not impossible but I don't really want to have to do this.
Try changing your application's directory security settings on-install to allow "Authenticated Users" write permissions.
Usually, when you need both protected and unprotected UAC modes you do the following.
Create two executable (one should be the main one and not require privileges for any operation, the second one should be able to perform privileges operations).
Start the first (main) one using limited privileges.
When you need to perform an privileged operation, create a new process with administrative rights (will pop the UAC window) and start the second application in it.
When done with the second application close it and you'll be back to limited mode.
This is how VMWare Workstation does when you change global settings.
Edit: Changing the permissions on a folder is not a good approach. Is just a dirty hack because anybody can write to that folder and this will just invalidate the role of UAC - after all this is the role of UAC: to prevent unprivileged changes in special folders.