How to set adminstrator privilege using manifest for Windows 10?

4.6k views Asked by At

I am developing software on Delphi XE for Windows 10 and I must run my software with administrator's privileges on 10. If I right click on the exe file and run it as an administrator, it doesn't raise any error, but if I run it in any other way the program raises error message Access Denied. So, it needs to have admin status. Initially I thought you could use task scheduler to accomplish this but it has issues as well. Now, I am learning I need to have custom manifest to do this on Windows 10. So after going through some stackoveflow questions, blogs and websites online, I created a manifest for my program as follows, but STILL when I run my program it raises Access Denied error message.

This is what I did:

Created the manifest file (GeoMonitor.manifest) using NOTEPAD:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">
<assemblyIdentity version="1.1.1.1">
processorArchitecture="*"
name="GeoMonitor"
type="win32" />
<description>elevate execution level</description>
<dependency>
<dependentAssembly>
<assemblyIdentity>
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<trustinfo xmlns="urn:schemas-microsoft-com:asm.v2"><security>
<requestedPrivileges>
<requestedExecutionlevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustinfo>
</assembly>

Created RC file GeoMonitor.rc using NOTEPAD

1 24 GeoMonitor.manifest

Linked both of these files to my project file after I unchecked the option Enable Run Time Theme in the project options.

enter image description here

Finally I complied my project files with no problem and then tested the complied exe file on Windows 10. It is still running as a user not as administrator. What am I doing wrong?

UPDATE: Is there anything I have to set in my project option - resource compiler section?

enter image description here

2

There are 2 answers

11
David Heffernan On BEST ANSWER

I think you have two problems:

  1. You are failing to compile the .rc resource script file to a compiled resource with .res extension, and linking that. You should not link the .rc file, or the .xml file. You need to link the compiled .res file. Compile the resource script with either brcc32 or rc.
  2. I can tell that you are not linking the .res file because your manifest is invalid. If you had compiled and linked that, the loader would reject your executable due to an invalid manifest.

Here's the minimum manifest that you need:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
            </requestedPrivileges>
        </security>
    </trustInfo>
</assembly>

Clearly you'll want to add more, but start here, with a manifest file that is known to be good. Prove that it works as you expect. Then add more functionality.

One final point to make is that I suspect that you have been in the habit of disabling UAC. That is a really bad idea, even more so for a developer. Had you spent the past 10 years with UAC enabled then you would have come across all the UAC/standard user issues a long time ago.

0
Dinesh Gartaula On
function CreateRunAsAdmin(const AppNamePath: string): boolean; //AppNamePath=CreateRunAsAdmin(Application.ExeName);
var
   RegisterTemp: TRegistry;
   openResult: Boolean;
begin
   RegisterTemp := TRegistry.Create;
   with RegisterTemp do
   begin
      RootKey := HKEY_CURRENT_USER;
      //openResult:=OpenKey('\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers', True);
      OpenKey('\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers', True);
      WriteString(AppNamePath, 'RUNASADMIN');
      Result := True;
      Free;
   end;
end;