28

I have a console application that require to use some code that need administrator level. I have read that I need to add a Manifest file myprogram.exe.manifest that look like that :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator">
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

But it still doesn't raise the UAC (in the console or in debugging in VS). How can I solve this issue?

Update

I am able to make it work if I run the solution in Administrator or when I run the /bin/*.exe in Administrator. I am still wondering if it's possible to have something that will pop when the application start instead of explicitly right click>Run as Administrator?

Community
  • 1
  • 1
Patrick Desjardins
  • 136,852
  • 88
  • 292
  • 341
  • Are you running the application as an Administrator? – Nick Berardi Oct 22 '08 at 19:24
  • I am running VS as a normal user so no. But when I right click the console application and run it as administrator it works. I would like to have the "UAC popup" when i hit RUN in visual studio instead of bugging. – Patrick Desjardins Oct 22 '08 at 19:27
  • By the way, it works WHEN i run VS in administrator mode. What I would like is the popup if I do not run in administrator to let me switch to administrator mode. – Patrick Desjardins Oct 22 '08 at 19:28
  • Did you embed the manifest into myprogram.exe using the manifest tool (mt.exe)? Or is the manifest just sitting there on disk, in the same directory? – bk1e Oct 23 '08 at 00:58

3 Answers3

55

For anyone using Visual Studio, it's super easy. I was about to go set up the Windows SDK and do mt.exe post-build steps and all that before realizing it's built into VS. I figured I'd record it for posterity.

  1. Project | Add New Item -> Visual C# Items -> Application Manifest File
  2. Open app.manifest, change requestedExecutionLevel.@level to "requireAdministrator"
  3. Build

Ta-da

scobi
  • 14,252
  • 13
  • 80
  • 114
28

Scott's answer will do what you asked, but Microsoft recommends that console applications display an "access denied" message rather than prompt for elevation.

From http://msdn.microsoft.com/en-us/library/bb756922.aspx:

A console application presents its output on the console window and not with a separate user interface. If an application needs a full administrator access token to run, then that application needs to be launched from an elevated console window.

You must do the following for console applications:

  1. Mark that your application “asInvoker”: You can do this by authoring the manifest of your application in which you set RequestedExecutionLevel == asInvoker. This setup allows callers from non-elevated contexts to create your process, which allows them to proceed to step 2.

  2. Provide an error message if application is run without a full administrator access token: If the application is launched in a non-elevated console, your application should give a brief message and exit. The recommended message is: "Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks."

The application should also return the error code ERROR_ELEVATION_REQUIRED upon failure to launch to facilitate scripting.

My C# code for this is below. It is tested on Windows XP (administrator -> ok, standard user -> denied) and Windows Server 2008 (elevated administrator -> ok, non-elevated administrator -> denied, standard user -> denied).

static int Main(string[] args)
{
    if (!HasAdministratorPrivileges())
    {
        Console.Error.WriteLine("Access Denied. Administrator permissions are " +
            "needed to use the selected options. Use an administrator command " +
            "prompt to complete these tasks.");
        return 740; // ERROR_ELEVATION_REQUIRED
    }

    ...
    return 0;
}

private static bool HasAdministratorPrivileges()
{
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    WindowsPrincipal principal = new WindowsPrincipal(id);
    return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
Joe Daley
  • 45,356
  • 15
  • 65
  • 64
  • 2
    A dozen years later, this guidance still holds up. One problem with using "requireAdministrator" with UAC in a console app is that the app will launch in a separate console that will immediately close on exit. If your app gets elevated into a separate console, does something, prints a message, then exits, the user won't have the chance to read the message unless you have one of those silly "press a key to exit" pauses before returning. – Dave Ruske Jul 13 '22 at 19:43
9

You need to embed the UAC manifest as an embedded Win32 resource. See Adding a UAC Manifest to Managed Code.

In short, you use a Windows SDK command line tool to embed it into your executable.

You can automate this as a post-build step by placing the following line as a post build task in your VS project's properties:

mt.exe -manifest "$(ProjectDir)$(TargetName).exe.manifest" -updateresource:"$(TargetDir)$(TargetName).exe;#1"
Judah Gabriel Himango
  • 58,906
  • 38
  • 158
  • 212