How do I make a console app always run as an administrator?

L

3

20

I have a console application that was developed to be called by a erp software.

They call my app inside the erp and when they do it, i always get errors related to the insufficient permission to do it.

I have checked the "run this program as an administrator" checkbox in the properties of the exe for all users but the result is the same.

I have read something about adding a manifest that will make the app prompt for the uac dialog, but thats not what i want because the app will be called from erp on the server and clients will not see the dialog on server.

Can someone explain me how to make this console app always run as administrator?

Lesslie answered 13/3, 2013 at 18:14 Comment(1)

Why does this console program need administrative privileges? – Crag 13/3, 2013 at 18:26

C

12

First, understand that there WILL BE a UAC dialog at some point in this process. There is no way to avoid it. There are a few approaches you can take:

Have the people run the ERP software elevated. I am including this only for completeness. It is awful to have to consent to the UAC prompt every time you run the app when you usually don't need the powers. It would be a handy quick test, though, for you to confirm that if your app is elevated, things will work. Everything launched from an elevated process is elevated, so if your app still gets the error message, this isn't something you'll fix by elevating.
Change the code in the ERP app to launch your app elevated. You mention C#. Launching with the runas verb is an approach here. This puts the burden on the ERP developer and they may not be able to do it.
Add a manifest to your app. You can embed one, or if your app is called foo.exe just hand-create a foo.exe.manifest file with the appropriate requestedExecutionLevel. To embed one, use the Properties page of your C# project to choose the right kind of manifest. Make sure you're launched with UseShellExecute set to true, or the manifest will be ignored.

If you choose the first option, the UAC prompt will be every time the ERP app launches. Not good. If you choose the second or third, the UAC prompt will be every time your console app is launched from the ERP app. Probably acceptable.

One other thing you might consider is looking far more seriously into why the console app needs admin privs. Are you writing to the root of C or to Program Files? Are you updating a registry key in HKLM? Whatever you're doing, why are you doing it that way? Unless your app installs or configures something (in which case getting a UAC prompt is good and proper) you should try to adapt it so that it writes to pre-user storage and doesn't need elevation. Then you will no longer be worrying about how to launch it elevated, in any case.

Cleat answered 13/3, 2013 at 18:53 Comment(5)

"One other thing you might consider is looking far more seriously into why the console app needs admin privs." Well said. This is exactly and precisely the right question to be asking. – Crag 13/3, 2013 at 19:13

weel i'm adding x509 certificates to the windows store, reading certificates from store, access a database and connect to a external webservice.Is this mandatory to have administration rights? – Lesslie 14/3, 2013 at 9:42

i'm also using EventLog.WriteEntry() to log errors on the event viewer. so i think i realy neeed admin rights. right? – Lesslie 14/3, 2013 at 10:9

accessing the database, connecting to a webservice, and writing to the event log DEFINITELY don't need admin rights. Creating the event log for the first time does. Not sure about the certificates but worth looking into – Cleat 14/3, 2013 at 10:16

well writing to event log need's elevated privileges.I have removed this line of code and now i'm making the log directly to database. now it is working. thanks for pointing me the right direction. – Lesslie 14/3, 2013 at 16:16

R

54

Add into your project Application Manifest File (Add -> New Item -> General -> Application Manifest File) and add the below node into the app.manifest:

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

http://msdn.microsoft.com/en-us/library/windows/desktop/bb756929.aspx

Retiring answered 13/3, 2013 at 18:31 Comment(2)

This should be the answer, much more straight forward and simple. – Geotaxis 9/5, 2017 at 6:17

What's the equivalent for C++? I can't find this Application Manifest File item for a C++ console application. – Odom 17/9, 2019 at 1:30

C

12

First, understand that there WILL BE a UAC dialog at some point in this process. There is no way to avoid it. There are a few approaches you can take:

Have the people run the ERP software elevated. I am including this only for completeness. It is awful to have to consent to the UAC prompt every time you run the app when you usually don't need the powers. It would be a handy quick test, though, for you to confirm that if your app is elevated, things will work. Everything launched from an elevated process is elevated, so if your app still gets the error message, this isn't something you'll fix by elevating.
Change the code in the ERP app to launch your app elevated. You mention C#. Launching with the runas verb is an approach here. This puts the burden on the ERP developer and they may not be able to do it.
Add a manifest to your app. You can embed one, or if your app is called foo.exe just hand-create a foo.exe.manifest file with the appropriate requestedExecutionLevel. To embed one, use the Properties page of your C# project to choose the right kind of manifest. Make sure you're launched with UseShellExecute set to true, or the manifest will be ignored.

If you choose the first option, the UAC prompt will be every time the ERP app launches. Not good. If you choose the second or third, the UAC prompt will be every time your console app is launched from the ERP app. Probably acceptable.

One other thing you might consider is looking far more seriously into why the console app needs admin privs. Are you writing to the root of C or to Program Files? Are you updating a registry key in HKLM? Whatever you're doing, why are you doing it that way? Unless your app installs or configures something (in which case getting a UAC prompt is good and proper) you should try to adapt it so that it writes to pre-user storage and doesn't need elevation. Then you will no longer be worrying about how to launch it elevated, in any case.

Cleat answered 13/3, 2013 at 18:53 Comment(5)

"One other thing you might consider is looking far more seriously into why the console app needs admin privs." Well said. This is exactly and precisely the right question to be asking. – Crag 13/3, 2013 at 19:13

weel i'm adding x509 certificates to the windows store, reading certificates from store, access a database and connect to a external webservice.Is this mandatory to have administration rights? – Lesslie 14/3, 2013 at 9:42

i'm also using EventLog.WriteEntry() to log errors on the event viewer. so i think i realy neeed admin rights. right? – Lesslie 14/3, 2013 at 10:9

accessing the database, connecting to a webservice, and writing to the event log DEFINITELY don't need admin rights. Creating the event log for the first time does. Not sure about the certificates but worth looking into – Cleat 14/3, 2013 at 10:16

well writing to event log need's elevated privileges.I have removed this line of code and now i'm making the log directly to database. now it is working. thanks for pointing me the right direction. – Lesslie 14/3, 2013 at 16:16

Y

1

create a batch file containing something like:

runas /env /user:%USERDOMAIN%\%USERNAME% cmd.exe /K YourProgramName.exe

Where %USERDOMAIN% and %USERNAME% are replaced by your admin account details.

And run that instead?

Yalta answered 13/3, 2013 at 18:18 Comment(1)

That will run the app as that user but won't elevate the session to that of an admin even if the user has admin rights – Bantustan 9/12, 2016 at 17:7

Recommended topics

Hot tags