Change privilege level of a Windows application

As part of my preparation for the first exam, I discovered some features I didn’t know yet. As usual, the best way for me to remember them is to write a short review. Cheat sheet inside...

Today, the subject is: Security and privilege elevation… tada…

I will not care about the WHY this is needed, just about the HOW. By default, any .net application run as current user (invoker) and does not check any security level. Let’s imagine that we have to develop an application that needs to modify registry or add/update files in %ProgramFiles%. The invoker should be part of the local admin group or the application should not start.

This is this new pop up we discovered with Windows Vista and now in Windows 7.

Quick Note:

How to take a screenshot of the User account control pop up? Seems to be a stupid question, but try it and with default configuration, this is not possible. Here is how to do it:

You have to configure UAC to not switch to the secure desktop, and then you'll be able to take a screenshot of the UAC prompt.

Run Secpol.msc as administrator, expand Local Policies, Security Options, policy "User Account Control: Switch to the secure desktop when prompting for elevation", set to "Disabled". It is recommended to revert the changes after you've taken the screenshots.

After this quick note, let’s go back to our business. On your Windows application, add a new file called Application Manifest File. This will create app.manifest.

The default configuration of the manifest below shows: requestedExecutionLevel level="asInvoker", meaning that the application runs with the same privilege as the calling application.

<?xml version="1.0" encoding="utf-8"?>

<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>

  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">

    <security>

      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">

        <requestedExecutionLevel level="asInvoker" uiAccess="false" />

      </requestedPrivileges>

    </security>

  </trustInfo>

</asmv1:assembly>

If you want that the application request administrator privilege to be launched, replace the previous config. by the one below, with requestedExecutionLevel level="requireAdministrator"

<?xml version="1.0" encoding="utf-8"?>

<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>

  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">

    <security>

      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">

        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

      </requestedPrivileges>

    </security>

  </trustInfo>

</asmv1:assembly>

Note that with requireAdministrator as the level attribute parameter, the .exe icon changes, note the small windows shield icon.

To summarize, the three different values for the level attribute:

1. requireAdministrator: The application must be started with Administrator privileges; it won't run otherwise.
2. highestAvailable: The application is started with the highest possible privileges.  If the user is logged on with an Administrator account, an elevation prompt appears. If the user is a Standard User, the application is started (without any elevation prompt) with these standard privileges.
3. asInvoker: The application is started with the same privileges as the calling application.