Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent Vista from requiring elevation on patch.exe?

[I'm sorry that this isn't directly a programming question. But I have recently switched to a new Vista machine where I am keeping UAC enabled (please don't tell me to disable it, it's not an option).]

Every time I run gnu's patch.exe I get an elevation dialog from Vista. If I rename patch.exe to foo.exe it does not do this, so I assume this is one of Vista's "heuristics".

Does anyone know how to disable this? It's driving me nuts and the Googles aren't helping.

Or should I add a manifest just for patch.exe to tell the system NOT to try to elevate this? Will that work, and if so how do you make such a manifest?

Thanks so much, been banging my head against the wall for an hour on this so far.

like image 329
scobi Avatar asked Feb 10 '09 20:02

scobi


3 Answers

From:
http://social.msdn.microsoft.com/Forums/en-US/windowsgeneraldevelopmentissues/thread/bf4f7dfa-5553-41d3-9c8e-311ee4a88599/

If you can add a manifest to the affected executable declaring a requestedExecutionLevel of 'asInvoker' it should stop prompting.

Associated guide on UAC architecture and converting existing applications so they work correctly (near the bottom fifth of the page):

http://technet.microsoft.com/en-us/library/cc709628.aspx

Lastly, how to write such a manifest:

http://www.google.com/search?q=writing+a+uac+manifest

-Adam

like image 144
Adam Davis Avatar answered Oct 17 '22 00:10

Adam Davis


The problem is that your application does not contain an assembly manifest with a requestedExectutionLevel.

Background

All correctly written Windows applications are required to have an assembly manifest. And starting in 2006 one of the elements you're required to have is a requestedExecutionLevel that specifies if your application can only function if the user is an administrator.

If your application does not have an assembly manifest, or if it does not have a requestedExecutionLevel Windows will assume it is a legacy application, and do things to hopefully keep it running.

One compatibility thing for legacy applications is that some of them might be an installer, or an udpater, and can only function when run as administrator. Windows tries to guess these applications by their filenames:

  • setup
  • update
  • patch

Are all examples of filenames caught by compatibility heuristics that are trying to automatically elevate for the user.

If the application has no assembly manifest, then it is not a validly written Windows application.

The correct solution

The correct solution is to add the assembly manifest that all correct applications will have. This disabled the heuristics.

A sample UAC "asInvoker" manifest:

<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" />
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly> 
like image 6
Ian Boyd Avatar answered Oct 17 '22 00:10

Ian Boyd


In my case I had to write a wrapper program that makes the following:

1-Copy "patch.exe" file into the system's temp folder (%TMP%) with another name: "apply.exe"

2-Execute "%TMP%\apply.exe" with the desired arguments.

3-Delete "%TMP%\apply.exe" file

You won't need to write a manifest.

If you need to calculate the "patch.exe" full path, assuming the .exe is on the %PATH% environment variable, you can use the following code in C#:

public string GetPatchInstallPath()
{
    StringDictionary env = 
    System.Diagnostics.Process.GetCurrentProcess().StartInfo.EnvironmentVariables;
    string pathEnvVble = env["PATH"];
    string[] paths = new string[]{};
    paths = pathEnvVble.Split(new char[] { ';' });

    foreach (string p in paths)
    {
       string fullPath = Path.Combine(p, "patch.exe");
       if (File.Exists(fullPath))
           return fullPath;
    }
    return string.Empty;
}

Otherwise, you can pass the patch.exe full path to your wrapper program if you don't want to add a new entry to the %PATH% variable for your patch.exe location.

like image 3
Tate Avatar answered Oct 16 '22 22:10

Tate