We have an installer for our application. (A C++ program, created in VisualStudio 2012.) The installer is now signed and require elevated privileges - the user gets a neat UAC question.
For some customers though, the installer needs a lot of other files. We use IExpress to create a self-extracting archive. The user runs the self-extracting EXE file, the files get unpacked and our installer starts.
But that doesn't work after we added UAC support. The EXE built by IExpress won't start a program that requires elevated privileges.
An easy solution would be that the EXE built by IExpress also requires elevated privileges. But I haven't found a flag to IExpress that does that. (Or did I miss something?)
Is there an easy way to add the "require elevated privileges" to an existing EXE file?
A fairly easy way to do it seems to be via
cmd.exe
. Just change your install program from, eg:to
Then the IExpress “magic UAC detection” won’t happen, and the user will get the standard UAC prompt when your program runs.
If you want to know more…
New versions of IExpress include a manifest which deliberately does not request UAC elevation for the IExpress-generated package itself. Here’s what it looks like in
wextract.exe
(the part that is actually bundled in your generated package):According to MSDN, the
asInvoker
level means: The application will run with the same permissions as the process that started it.Apparently there are some programs which can modify the manifest after-the-fact. One is called ResEdit, though I recommend that you download it from SoftPedia, as the .net site seems to carry some adware now. I didn’t have any luck with it (I think because I didn’t have Visual Studio installed) but maybe it will work for you.
If you decide to go this route, try to change the
level
torequireAdministrator
.