How To Request UAC (User Account Control) Elevated Permissions - arcdev/engram404 GitHub Wiki

originally posted 2017-01-19 at https://engram404.net/how-to-request-uac-user-account-control-elevated-permissions/

As developers we often need to run an app that we've written (simulator, emulator, utility, monitor, whatever) as an administrator.
In Windows 7, it's easy enough to mark the EXE or shortcut to always Run as Administrator – but that means every user needs to do that.
In Windows 10, it's significantly more difficult and you basically have to tell Windows there's a compatibility issue with the app and go through this long, involved process.

Is there an easier way?

Yup.

The short version

As the developer of the app, you need to add an app.manifest file.
You need to mark the requestedExecutionLevel as requireAdministrator.
Compile/build the app, and you're done.
Every time the app launches, it tells Windows that it needs administrator permissions and, if the user doesn't have UAC turned all the way down, then they'll be prompted for access.
I should note, if the user doesn't even have permissions to Run as Administrator, then this app can't even run.

The longer version

I'll start by saying it's not actually possible to "request administrator access" within the same running app. The app either gets it when it's launched, or not at all. One of the recommendations from Microsoft is to partition your app so that you actually have multiple applications: one that runs under normal permissions, and a second that is launched, only when needed, under administrator permissions and exits as soon as possible.

Let's start with a simple console app (in C#) that tells us if we're running as administrator.
(I lifted this code from StackOverflow.)

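using System;
using System.Security.Principal;

class Program
{
	static void Main(string[] args)
	{
		// Prints True when the process is running as administrator, False otherwise.
		Console.WriteLine(IsUserAdministrator());
	}

	public static bool IsUserAdministrator()
	{
		bool isAdmin;
		try
		{
			// Check the identity of the current process against the built-in Administrators role.
			var user = WindowsIdentity.GetCurrent();
			var principal = new WindowsPrincipal(user);
			isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
		}
		catch (UnauthorizedAccessException)
		{
			isAdmin = false;
		}
		catch (Exception)
		{
			// Any other failure to read the identity is treated as "not an administrator".
			isAdmin = false;
		}
		return isAdmin;
	}
}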

Run this and you'll see that it's not running as admin. (If it is running as admin, then chances are you have Visual Studio running as administrator. Remember that administrator permissions are inherited from the launching app context, so try launching your sample app from Explorer.)

Next, try running the app as admin, by right-clicking on the EXE and choosing Run as administrator.

Ok, now let's force it to run as admin.

Right-click on your project and choose Add -> New Item…
You'll find the Application Manifest File under the General grouping.

Next, make your way to /assembly/trustInfo/security/requestedPrivileges/requestedExecutionLevel and change the level attribute to requireAdministrator. It should look like this:

<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
...

Build your app and run it.
Now this app must always run as administrator.

For more information on trustInfo see MSDN <trustInfo> Element.
And here's a bit more on the Application Manifest Schema from MSDN.
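
The partitioning recommended in the longer version can look like the sketch below: the main app stays unelevated and starts a small helper elevated only for the one step that needs it. This is an added example, not code from the original post; AdminHelper.exe and its --apply-setting argument are hypothetical names for a helper built with the requireAdministrator manifest shown above.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;

static class Program
{
	// Win32 error raised when the user declines the UAC prompt.
	const int ERROR_CANCELLED = 1223;

	static int Main(string[] args)
	{
		// Everything in this process runs with the user's normal token.
		Console.WriteLine("Main app running unelevated.");

		// Hypothetical helper and argument. Keep the argument list fixed and
		// narrow: whatever is passed here is acted on with admin rights.
		int? exitCode = RunElevated("AdminHelper.exe", "--apply-setting");
		if (exitCode == null)
		{
			Console.WriteLine("Elevation declined; skipping the admin-only step.");
			return 1;
		}
		Console.WriteLine("Helper exited with code " + exitCode);
		return exitCode.Value;
	}

	// Starts the helper elevated, waits for it to finish, and returns its exit code.
	// Returns null when the user cancels the UAC prompt.
	static int? RunElevated(string exePath, string arguments)
	{
		var psi = new ProcessStartInfo(exePath, arguments)
		{
			UseShellExecute = true, // elevation goes through the shell, not CreateProcess
			Verb = "runas"          // ask the shell to start the process elevated
		};
		try
		{
			using (var helper = Process.Start(psi))
			{
				helper.WaitForExit(); // the helper should do one job and exit
				return helper.ExitCode;
			}
		}
		catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_CANCELLED)
		{
			return null;
		}
	}
}
```

With this split, only the helper carries the requireAdministrator manifest, so users see the UAC prompt only when the admin-only step is actually needed.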
