2

I have 2 applications written in Delphi. The first exe (with a user interface) calls another using ShellExecuteEx(), which runs as a background process.

When the first exe invokes the second, one of these two things happen:

  1. When I log in as an admin, a UAC dialog comes up with the Allow/Cancel prompts. Selecting Allow continues the execution.

  2. If I log in as non-admin, an admin credentials dialog box is displayed, and I need to enter the admin username/password to continue.

On both occasions, I want the second exe to run without any user intervention. How can I make it possible?

And yes, I tried applying the ElevateCreateProcess mitigation as suggested by SUA tool, but it doesn't seem to work - the behaviour is as before.

Thanks for your help.

4

3 回答 3

1

第一个 EXE 需要以提升的权限启动,才能在没有 UAC 提示的情况下调用第二个。或者...您可以为第二个 EXE 使用清单,告诉 Vista 它不是管理工具,并且仅以当前用户身份运行。

另存为 Second.exe.manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<!-- Vista UAC Support -->
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
  <ms_asmv2:security>
    <ms_asmv2:requestedPrivileges>
      <ms_asmv2:requestedExecutionLevel level="asInvoker" />
    </ms_asmv2:requestedPrivileges>
  </ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
于 2009-06-18T17:33:01.997 回答
1

你的第二个文件的文件名是什么?

Vista 假定某些文件名需要管理员权限 - 尤其是名称为“setup”或“install”的文件。

另外:如果您想要的是能够以管理员权限运行程序而无需 Vista 抛出 UAC 提示,那么您就不走运了。如果可能的话,那将是对安全性的严重破坏。

您的第二个程序是否需要管理员权限?

当您尝试直接从 Explorer 执行第二个程序时会发生什么?UAC 提示?如果是这样,那么 Vista 正试图以管理员身份运行它,或者因为文件的文件名,或者因为清单(内部或外部)请求是。

于 2009-06-18T20:19:31.200 回答
0

是的,您需要一个与此类似的应用程序清单

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>   


    <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="UacTest"   type="win32"/>   
       <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">   
       <security>  
          <requestedPrivileges>  
             <requestedExecutionLevel level="highestAvailable"/>    
          </requestedPrivileges>  
       </security>  
    </trustInfo>  
  </assembly>

记下“requestedExecutionLevel”标签

于 2009-06-18T17:33:46.940 回答