Vista UAC Questions
Keywords: User Account Control UAC Manifest Install Detection Requested Execution Level uiAccessFlag
Question:
I just got a system with Vista so that I could test my XP compiled scripts to see if they would work on Vista Business.
The scripts run but I get an Extender Error 271, Unable to determine module names for function window1=cWndByWndSpec
This is line of code created by RoboScripter on XP:
window1=cWndByWndSpec("SN2KGUI","poc",10,59648,0,0,0,0,0,0,59396,59393,59397)
Do I need to use RoboScripter to recreate the script on a system running Vista?
Answer:
Make sure you have version 2007B of WinBatch. There have been many changes to WinBatch to Support Vista and UAC (User Account Control).
If UAC is enabled, and you wish to control other applications....well, UAC considers this a potentially risky activity, so
it requires some hoop jumping
In order to run Roboscripter or Control Manager Extender functions, on a Windows System with UAC enabled requires that the
EXEs 'manifest' has 'uiAccess' set to TRUE. The lastest version of Roboscripter contains these settings.
There is no issue if UAC is disabled for the user running the code.
However since you need uiAccess=true....than means you also need
- The code must be "signed" you will need to get a "code signing certificate" ($200) for a good easy to use one, or $0 for a free,
hard to use one with the certificate, the compiler can sign the exe, basically stating that you vouch for the your program.
- Another UAC hoop is that your program must be installed either
- Someplace under your Program Files directory
or
- The Windows System 32 directory.
For more information about Code Signing please read: http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch+Code~Signing~an~EXE.txt
Question:
I have implemented the code signing and it seems to work correctly but I have a question.
Every time I launch my program on Vista it asks me to give permission for it to continue.
I've tried different variations of the options but I can't find a way to turn that off.
Also, I seem to recall that when I did the signing with the MS tools there was an option on
the "Continue" screen which said to trust any programs signed by my certificate. I don't see that now.
I am speaking of the compiler option and not by using the IC93() function.
Any suggestions?
Answer:
What manifest options did you choose? Anything except "asInvoker" and "false" will create a UAC prompt. Make sure to choose
Requested Execution Level: asInvoker and uiAccessFlag: false.
Question:
Apparently, the name of the exe can trigger a UAC regardless of its actual function. If you try to run JIMUPDATE.EXE, even if it
just says "Hello World", having the word UPDATE in the filename invokes a UAC. I think SETUP, UPDATE, INSTALL found in the
exe name cause this.
Answer:
Assuming you are referring to Vista's install detection, it is not usually an issue unless the executable does not have
a manifest with a "Requested Execution Level" setting in it. Also, install and update detection involves more than
just program names. MSFT documentation list the following:
- Filename includes keywords like "install," "setup," "update," etc.
- Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
- Keywords in the side-by-side manifest embedded in the executable.
- Keywords in specific StringTable entries linked in the executable.
- Key attributes in the RC data linked in the executable.
- Targeted sequences of bytes within the executable.
Also keep in mind that setting your script's manifest "requestedExecutionLevel" to "asInvoker" is not always a free ride either.
It all depends on what the script does. But generally, if the script interacts with other programs it can potentially fail
without the elevation produced by requestedExecutionLevel=requireAdministrator or perhaps requestedExecutionLevel=highestAvailable
in a UAC environment.
Of course the quick solution is to turn UAC off but you cannot assume that it will be off, if your script is distributed to others.
Welcome to the wonderful world of Vista.
Article ID: W17300
File Created: 2014:07:18:09:51:40
Last Updated: 2014:07:18:09:51:40