Prevent elevation (UAC) for an unsigned application

Question

I'm in the task to make a .manifest file, so Win7 does no bother me with the UAC because it is an unsigned app. (The app is old and wont be upgraded)

I've tried several ways from looking around the web, but it is not working

<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

I've have also looked at:

The Application Compatibility Toolkit (as this question recommends), but it is too cumbersome and did not solve the problem.
This question is similar, but ends solving the problem for that specific product (Crimson Editor)

Do you know how to craft the .manifest XML file so an unsigned app runs without warning?

score 1 · Accepted Answer · answered Sep 11 '09 at 17:21

1

As per my knowledge, In Vista, any app which does not have a manifest will not be elevated (but will be Virtualized). But running it will not invoke the secured desktop till you do "Run as Administrator".

The manifest you gave as an example will just make sure Vista knows that your app is Vista aware. "As Invoker" means that your app does not require Administrative Privileges. But till you make it "Require Administrator", it will NOT show the UAC Prompt. (I answered for Vista since I have worked n it. I think Windows 7 would behave similarly).

answered Sep 11 '09 at 17:21

Ganesh R.

5,179
1
27
28

1

An app that does not have a manifest will be elevated if it contains "setup" or "update" in its name. – bk1e Sep 15 '09 at 08:08
@bk1e: you are forgetting "install". – Andrew Moore Sep 25 '09 at 22:07

score 0 · Answer 2 · answered Sep 11 '09 at 16:46

0

You're really asking here for a hole in UAC. Such holes are normally plugged-in by Microsoft as soon as they're discovered ...
It looks to me like a much more lasting solution to just digitally sign this old executable.
Signing can be done on any existing executable, and does not require its re-linking or re-compiling or otherwise knowing anything special about it. Application-signing certificates only cost a few hundred bucks per year.

answered Sep 11 '09 at 16:46

harrymc

455,459
31
526
924

2

No, he's asking for it to NOT elevate at all, rather than elevate silently. This is something that should be in the compatibility tab, really, it's a pity it's not. – Phoshi Sep 11 '09 at 17:33
Doesn't that still mean that signing his application will fix his problem ? Please note that I didn't answer his question, but rather what (I think) is the underlying problem that he was assigned to solve. – harrymc Sep 11 '09 at 18:24
EDIT: Free code-signing services now exist - see [this post](https://stackoverflow.com/questions/1177552/code-signing-certificate-for-open-source-projects). – harrymc Jan 07 '18 at 07:59

Prevent elevation (UAC) for an unsigned application

2 Answers2

Linked