Watch the presentation I prepared for Oslo Delphi Clubs meeting in December for learning what UAC is and why it will affect you.
I have only extracted a part of the presentation into this article. It is the content on how you fix it in Delphi.
You can also download the video, example application and slides.
You application should work out of the box in Windows Vista if you have followed the guidelines about how to write a well behaving Windows application that has been in the Windows logo program for years.
The only thing that has really changed is that things that earlier where recommendations is now enforced. If you break the rules Vista has some bold compatibility features that probably will make administrating your application a nightmare.
Requested Execution Level in Delphi
Include information about execution level in your executable to turn of the compatibility mode and signal to Vista if this application should run as a standard user or must be an administrator.
First add a resource with a manifest to your application. Make sure to remove all references to XPMan unit from project!!!
The rc file is compiled to a res file and only contains the resource type (24 for Manifests) and the filename of the resource file to be embedded.
The Manifest file
First section with dependency information is the same as you include today when the XPMan unit to get the new look and feel of the user interface. This part is needed.
The second section with trust info is new.
- level=”asInvoker”
- Start process running with same token as the process creating it.
- level=”highestAvailable”
- Ask administrators for consent to elevate but start as standard user if user has no administrative privileges
- level=”requireAdministrator”
- Ask administrators for consent to elevate.
- Standard user will get login dialog for over the shoulder support
- Will only start with administrative privileges
Windows XP Warning!
Incorrect formatting of Manifest can blue screen Windows XP. Read KB921337.
SHGetFolderPath
Many locations are read only for standard user! Do not open files or registry keys with Write flag.
It is important to use a correct path. A lot has moved around in Vista so no hard coded strings in your application. Save data, log files, etc. in the right location using SHGetFolderPath.
- CSIDL_PERSONAL { My Documents }
- CSIDL_APPDATA { Application Data, new for NT4 }
- CSIDL_LOCAL_APPDATA { non roaming, user\Local Settings\Application Data }
- CSIDL_COMMON_APPDATA { All Users\Application Data }
- CSIDL_MYPICTURES { My Pictures, new for Win2K }
- CSIDL_COMMON_DOCUMENTS { All Users\Documents }
- …
RunAsAdmin
Using ShellExecute to start process running as administrator. The Application.Handle delays elevation if the application is minimized preventing the secure desktop to steel focus for the consent dialog when the user is doing something else. Use Application.Handle (or MainForm.Handle if you have applied other patches that make it the application windows)
If you do not use a handle UAC will always give direct foreground elevation.
Using COM class for Admin tasks
Instead of launching a separate application to perform an admin task it is possible to call a COM object that runs elevated from a process that only run as standard user.
The COM Server must be an EXE and the EXE should have requireAdministrator to install COM objects correctly. You have to add two things to the registration:
- add value LocalizedString (and resource string in executable)
- add key Elevation and value Enabled = 1
Creating the elevated COM object
Use a Moniker from the User Process to create an elevated CoClass running in process with admin token. Call it’s methods as usual.
Adding the Shield to your buttons- SetElevationRequiredState
It is very simple to get the Shield icon onto your buttons, links and menu items to indicate that clicking them will require admin rights and that a consent dialog will appear.
See also:
Connect with Us