Vista requires elevation by filename?

I'm Michael Suodenjoki - a software engineer living in Kgs. Lyngby, north of Copenhagen, Denmark. This is my personal site containing my blog, photos, articles and main interests.

Updated 2011.01.23 15:37 +0100

 

Vista requires elevation by filename?

Well, you'll probably already know that Vista means tightened security. This means that you have to develop with UAC (user account control) in mind. Not that you shouldn't already have done so, but now you'll be forced to do something about it.

I've just stumbled on a funny problem with one of our small console executables which we're using in our build environment to update/stamp version numbers directly into executables. The program filename was "update_verinfo.exe".

I couldn't understand that when executing this on Vista I was prompted with the UAC dialog for administrative rights. To my knowledge the update_verinfo.exe did not require administrative rights, so why did this happen?

A search on Google did not initially suggest any deeper  explanation. I began to comment out code to see whether that would help. I ended up having a simple program which required administrative rights, uh?

// compile: cl /EHsc update_verinfo.cpp
void wmain()
{
  return 0;
}

I began experimented with renaming the output file (cl /Fe option) and voila, the UAC dialog disappeared? The executable filename must not contain the word "update", that's it!

When I knew that, a second Google search did return interesting search results. Deep down in the Vista UAC Developer Requirements - in the "Installer Detection" section it was mentioned that filenames containing the words "install", "update", "setup" etc. would qualify as possible installer programs, thus requiring elevated rights. This is a quite ridicules way to solve a problem - very Microsofty.

Well, a simple file rename was possible in our case, but I guess (I haven't tried it) it also could be solved by adding a manifest file in where you specify the requested privileges' under which the executable should run (remember to use as low level as possible), something a la:

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' 
  manifestVersion='1.0'>
  <dependency>
   <dependentAssembly>
      <assemblyIdentity type='win32' 
       name='Microsoft.VC80.DebugCRT' 
       version='8.0.50608.0' 
       processorArchitecture='x86' 
       publicKeyToken='1fc8b3b9a1e18e3b' />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> 
    <security>
      <requestedPrivileges> 
        <requestedExecutionLevel level="asInvoker" /> 
      </requestedPrivileges>
    </security>
  </trustInfo> 
</assembly>

Footnote 1: In Vista you may have noticed that some shortcuts or executables when viewed as icons is displayed with a shield overlay icon. This indicates that you need elevated rights for executing the application. (more)

Illustrates the shield overlay icon ontop the update_verinfo.exe

Footnote 2: We don't currently write the manifests files manually. They are generated automatically partly using #pragma comments in our C++ code for automatic inclusion in the manifest dependencies and using build environment (see). So it is not currently an option to add the trustInfo manually. It would be nice that you could add the trustInfo section using a #pragma directly in the C++ code - as this poor guy is trying to ask for.

More: