Making a .NET app run on Vista with Administrator priviledges

If you're targeting Windows Vista and your application requires administrator priviledges (such as accessing the program files directory), then it will fail unless you include a manifest so Windows knows. Fortunately, it's very simple.

First, add a manifest file to the root of your .NET executable project - you can do this by selecting "Add New Item" and picking "Application Manifest File". Alternatively just create a blank file called "app.manifest". The standard template that Visual Studio gives you looks like this:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"
xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.

<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />

If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>

The key part is the requestedExecutionLevel mode - which by default is set to "asInvoker". This means that the application will run under the priviledges of whoever started the application - remembering that under UAC even administrators on windows Vista are running as Users until they elevate their permissions.

If your application always requires administrator priviledges, then you can change this value to "requireAdministrator". Now, whenever your application starts it will always trigger UAC and ask the user to allow administrator access for your program.

Note that it's worth seriously considering whether you actually need to do this, and why - especially given the intrusive experience of UAC. For instance, you shouldn't need to write settings to Program Files, as Windows provides the user profile area and registry for just that purpose. In general UAC should hopefully force us all to think a bit more carefully about where we're storing data, and what permissions the application *really* needs.

You might also like...

Comments

James Crowley James first started this website when learning Visual Basic back in 1999 whilst studying his GCSEs. The site grew steadily over the years while being run as a hobby - to a regular monthly audience ...

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

“Engineers are all basically high-functioning autistics who have no idea how normal people do stuff.” - Cory Doctorow