The User Account Control Helpers library is an open project supporting the UAC feature of Windows Vista. It facilititates interaction with the UAC mechanism, handles manifest creation, extraction and embedding, and more.
The library currently offers the following two facilities:
- Embedding a UAC-compliant manifest into an executable image, extracting it from an image and merging it with an existing manifest;
- Interacting with the UAC mechanism.
- Using the library requires .NET Framework 2.0 to be installed. The library is provided as a Visual Studio 2005 solution comprised of one C# and two C++/CLI projects;
- There is a single known issue with the library that cannot be addressed in an elegant way. If UAC is disabled/enabled by changing the LUA registry key, a system restart is required for the change to take effect. Without detecting whether a system restart
has occurred, it's impossible to know if the UAC change has been effective. (The latter can be achieved by using a temporary file name, a RunOnce registry value, or a volatile registry key.)
Embedding a manifest is done using the EmbedManifest.exe application, although it exposes a public object model which can be used in its stead. It supports .NET and native executables of any processor architecture, and embeds the manifest correctly even if
there was a manifest before that has to be merged. To embed a manifest in the Sample.exe program, providing a description and a required execution level of "requireAdministrator", use the following command line:
EmbedManifest.exe Sample.exe "My Sample Description" requireAdministrator
Interacting with UAC is done through the UserAccountControl class, implemented in C++/CLI. It offers the ability to disable/enable the UAC (including restarting the system), querying for UAC-related state such as elevation status and UAC status, and the ability
to launch a process under an elevated token. For example, to launch an elevated process, you can use the following code snippet:
Process proc = UserAccountControl.CreateProcessAsAdmin("MyProgram.exe", "Argument1 Argument2");
To disable UAC on a machine and restart Windows for the change to take effect, use the following code snippet:
Finally, use the IsUacEnabled, IsCurrentProcessVirtualized, IsCurrentProcessElevated and IsUserAdmin properties on the UserAccountControl class to query for UAC-related information.
The v0.1 release adds the ability to launch a process non-elevated, even if the current process is elevated.
About the Author
Sasha Goldshtein is a Senior Consultant and Instructor for Sela Group (http://www.sela.co.il
), an Israeli software company speciailizing in training, consulting and outsourcing, and a Microsoft Visual C# MVP. Sasha's
work is comprised of conducting training and developing training materials, consulting on various Microsoft technologies, and of course - architecting and developing software. Sasha's current interests are always reflected on his blog at
, and include .NET internals, WCF/WF integration, Windows internals, interop solutions (including C++/CLI), advanced debugging, performance monitoring and investigation,
and many other things.