In part 1 of this tutorial I have presented how to run an application with and without elevation by specifying this from another process.

However there are some situations when an application cannot be run without administrative rights. For example a system configuration utility requires administrative rights to change some global policies.

In order to force an application to run only if the current user is administrator or can provide administrative credentials you must add a manifest to the C# project.

The manifest is an XML file named <application_name>.exe.manifest with the following content:



   
      
      
         
            
         
      
   

What is important is the requestedExecutionLevel element. It specifies what permissions (execution level) the application needs in order to start. If the current user does not have the required level then an elevation window is displayed (see part one of the tutorial that describes the elevation window).

The default value of requestedExecutionLevel if it is not specified in the manifest or the manifest does not exist is asInvoker. Except asInvoker and requireAdministrator there is another execution level. All three are described below:

ValueDescriptionComment
asInvokerThe application runs with the same access token as the parent process.Recommended for standard user applications. Do refractoring with internal elevation points, as per the guidance provided earlier in this document.
highestAvailableThe application runs with the highest privileges the current user can obtain.Recommended for mixed-mode applications. Plan to refractor the application in a future release.
requireAdministratorThe application runs only for administrators and requires that the application be launched with the full access token of an administrator.Recommended for administrator only applications. Internal elevation points are not needed. The application is already running elevated.

In order to embed the manifest in the aplication’s executable you can choose one of the following options:

1. The hard way – mt.exe

The Mt.exe file is a tool that generates signed files and catalogs. It is available in the Microsoft Windows Software Development Kit (SDK). Mt.exe requires that the file referenced in the manifest be present in the same directory as the manifest.

The manifest will be embedded after a successful build so we need to add this the call of Mt.exe in the post-build event. In order to do this right click the project -> Properties -> Choose “Build Events” from the vertical left tabs.

Mt.exe is found in many places on disk so the path to it might be different on your configuration. The post build command is:

“C:Program FilesMicrosoft.NETSDKv2.0 64bitBinmt.exe” -manifest “$(ProjectDir)$(TargetName).exe.manifest” –outputresource:”$(TargetDir)$(TargetFileName)”;#1

Make sure the paths to mt.exe and the .manifest file are correct. You should get something like this:

uac-hardway

This method has a drawback. If you start the application with debugging from Visual Studio it will start with limited privileges. Running without debugging will ask you to elevate the parent process (in our case Visual Studio).

2. The easy way – designer

Just create the manifest file, include it in visual studio, go to the “Application” tab in project’s properties and choose the manifest file from the Manifest combo box.

uac-easyway

Build.

This method that has another advantage. Even if running with Debug you will still be prompted to elevate Visual Studio.

uac-vsmsg

The source code can be downloaded below (it is the application from part 1 but includes the manifest file):

Download source

IMPORTANT: This tutorial is useless if you disabled UAC because all you processes (considering you are the administrator) run elevated.

5 comments

  1. Using UAC with C# – Part 3 | Ex nihilo nihil fit on January 6th, 2010 at 11:02 pm

    [...] to rank this topic by using the stars at the bottom of the text.After a long period since I wrote part 2 of this article I decided to add some extra information. There is one thing that was missed by the [...]

  2. Poncho MX on July 6th, 2010 at 8:54 pm

    Thank you for this tutorial
    really helped me alot

    cheers

  3. fabrizio on July 15th, 2010 at 12:56 pm

    Your post is very usefull. Thank you. :)

  4. Dilip on December 22nd, 2012 at 11:00 pm

    ya it is helped but i am not understand to use this tutorial than please help me. i am waiting you’r feedback….

  5. Bahad?r on June 25th, 2013 at 1:53 am

    Good work! :)

Leave a comment

Please write the comment in English!

Allowed HTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>