home products resource tuner tutorials
How To Tell Windows to Run The Application Elevated
Developers need a way to deploy the same build of the application on both Windows 11 and Windows XP. However, a new feature of Windows, User Access Control (UAC) causes processes to run as standard user even if you are logged in with a user that is the member of the Administrators group.
If your application needs administrative privileges, and you want it to run with elevated access as an administrator, you have to modify your current manifest, or generate an application manifest for your application that tells Windows to run the application elevated.
Manifesting the .exe for Windows 8.1 or Windows 10/11 will not have any impact when run on previous operating systems.
Resource Tuner allows you to patch a pre-existing binary exe to inject the Require Administrator info into it so that it would be forced to run as Administrator on Windows, providing the application the same operational behavior as in Windows XP. A modified exe should still work correctly on prior Windows operating systems.
BLS, Inc.
The application manifests have received an upgrade in Windows Vista. The Windows application manifest has been enhanced with attributes that allow developers to mark their applications with a requested execution level. These new attributes indicate to the system that you have a legitimate administrative application. Consequently, the system will prompt the user for approval to launch the application with full privileges.
Microsoft has extended the trustInfo section of the current Windows application manifest schema to include attributes that indicate a legitimate administrative application. The following is the format for this:
<requestedExecutionLevel
level="asInvoker|highestAvailable|requireAdministrator"
uiAccess="true|false"/>
where
level
- asInvoker — The application runs with the same token as the parent process.
- highestAvailable — The application runs with the highest privileges the current user can obtain.
- requireAdministrator — The application runs only for administrators and requires that the application be launched with the full token of an administrator.
If only a small number of features in an application will require administrative privileges (for example, an application needs to configure a firewall), the main process of the application must still be run as a standard user. The administrative features must be moved into a separate process that runs with administrative privileges.
uiAccess
- false — The application does not need to drive input to the UI of another window on the desktop. Applications that are not providing accessibility should set this flag to false. Applications that are required to drive input to other windows on the desktop (on-screen keyboard, for example) should set this value to true.
- true — The application is allowed to bypass UI protection levels to drive input to higher privilege windows on the desktop. This setting should only be used for UI Accessibility applications.
Applications that request uiAccess = true must have a valid, trusted digital signature to execute.
Three Easy Steps to Add the TrustInfo Section
1. Download Resource Tuner, open your file, expand the Manifest folder in the Resource Tree view and select the Manifest resource for editing.
Note: If your file lacks a manifest altogether, skip these steps and use the Manifest Wizard instead.
2. You will see the XML script, resembling something like this:
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.MyCoolApp"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Application description here</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="x86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
It's important to verify that there is no trustInfo statement in the manifest at this stage.
3. Now, let's insert the TrustInfo section into this manifest:
<!-- level can be "asInvoker", "highestAvailable", or "requireAdministrator" ->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
4. Finally, select 'File' 'Save File' or use the [Ctrl+S] hotkey combination to save the changes made to the target file.
Updating Manifests with Resource Tuner Console
If you need to update existing manifests, delete, or add new ones for several hundred files, you are more than likely going to want some way to implement this with a batch file. Whenever large numbers of files have to be processed or to be accessible through scripting / batching, you need Resource Tuner Console.
Start Tuning Your Applications Now!
Give Resource Tuner a trial run for 30 days free! Once you try it, we think you will find it hard to go back to other resource hacking utilities. For maximum editing and inspecting power, purchase a Personal license now for $49.95. The Business license is available for $89.95.