How do I add "requires elevated privileges" to an existing EXE file? (Or can I set it when running IExpress?)

Question

We have an installer for our application. (A C++ program, created in VisualStudio 2012.) The installer is now signed and require elevated privileges - the user gets a neat UAC question.

For some customers though, the installer needs a lot of other files. We use IExpress to create a self-extracting archive. The user runs the self-extracting EXE file, the files get unpacked and our installer starts.

But that doesn't work after we added UAC support. The EXE built by IExpress won't start a program that requires elevated privileges.

An easy solution would be that the EXE built by IExpress also requires elevated privileges. But I haven't found a flag to IExpress that does that. (Or did I miss something?)

Is there an easy way to add the "require elevated privileges" to an existing EXE file?

Answer 1

A fairly easy way to do it seems to be via cmd.exe. Just change your install program from, eg:

setup.exe

to

cmd /c setup.exe

Then the IExpress “magic UAC detection” won’t happen, and the user will get the standard UAC prompt when your program runs.

---

If you want to know more…

New versions of IExpress include a manifest which deliberately does not request UAC elevation for the IExpress-generated package itself. Here’s what it looks like in wextract.exe (the part that is actually bundled in your generated package):

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel
        level="asInvoker"
        uiAccess="false"/>
    </requestedPrivileges>
  </security>
</trustInfo>

According to MSDN, the asInvoker level means: The application will run with the same permissions as the process that started it.

Apparently there are some programs which can modify the manifest after-the-fact. One is called ResEdit, though I recommend that you download it from SoftPedia, as the .net site seems to carry some adware now. I didn’t have any luck with it (I think because I didn’t have Visual Studio installed) but maybe it will work for you.

If you decide to go this route, try to change the level to requireAdministrator.

Answer 2

If you right click the installer exe file, go to Properties and click Compatibility then check the check box called Run this program as a administrator and click OK it should work.

Answer 3

you could try this in the post installation command of iexpress wizard:-

PowerShell -windowstyle hidden -command "Start-Process -Wait setup.exe -Verb Runas"

-windowstyle hidden hides the powershell window.

-Wait waits for the completion of setup.exe before deleting temp files(where iexpress files are extracted by default)

-Verb Runas Requests for elevation.