Adding a manifest to a legacy app (from an administrators point ofview)

  • Thread starter Thread starter Thorsten Butz
  • Start date Start date
T

Thorsten Butz

I'd like to know if there is a general way to add a valid manifest to a
legacy app.

Consider I'm an admin and I simply have a "application.exe"-file and I
want to add a manifest which tells the OS wether or not to elevate the
user's rights, e.g.:

<requestedPrivileges>
<requestedExecutionLevel
level="highestAvailable"
uiAccess="false"
/>
</requestedPrivileges>

Is that possible or do I need the source-code?

Regards,
Thorsten
 
Hello Thorsten,

Thank you for using newsgroup!

Based on your requirement, I suggest you refer to the following resources:

If you are a Microsoft Empowered, Certified, or Gold Partner, you may use
your advisory benefits on technical issues for Vista Logo Certification.
Global Partner Support has assembled a team to specifically provide Vista
Logo Certification advisory service. We will advise you at a technical
level for each Test Case and help you get through the Vista Logo
Cerification process.

Provide your Microsoft Partner Id when you contact Global Partner Support,
and a Microsoft support case will be created.

To contact ISV Global Partner Support Team:
Email: (e-mail address removed)
ISV Advisory Services Phone: 1-800-426-9400 Option 1, Ext 84153


Registered only partners may receive 10 advisory hours of email support
accessed from the "Innovate on Vista" website link below. Learn more about
the Vista Logo Certification promotion and sign up as a Microsoft
Registered Partner at: www.InnovateOnVista.com

There are many benefits of getting your Windows Application Vista Logo
Certified. One benefit is you will qualify to become a Certified Partner.
ISV Global Partner Support also provides architectural guidance, custom
workshops, migration best practices, assistance with proof of concepts, and
code samples.

Microsoft Partner Program Website:
https://partner.microsoft.com/US/partner

933305: Applications that have earned the "Certified for Windows Vista"
logo or the "Works with Windows Vista" logo
http://support.microsoft.com/kb/933305/en-us

Application Compatibility and Partners
http://technet.microsoft.com/en-us/windowsvista/aa905104.aspx

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Date: Sun, 02 Sep 2007 17:06:19 +0200
| From: Thorsten Butz <[email protected]>
| User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
| MIME-Version: 1.0
| Subject: Adding a manifest to a legacy app (from an administrators point
of
| view)
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
| NNTP-Posting-Host: dslb-084-062-142-141.pools.arcor-ip.net 84.62.142.141
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:5254
| X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|
| I'd like to know if there is a general way to add a valid manifest to a
| legacy app.
|
| Consider I'm an admin and I simply have a "application.exe"-file and I
| want to add a manifest which tells the OS wether or not to elevate the
| user's rights, e.g.:
|
| <requestedPrivileges>
| <requestedExecutionLevel
| level="highestAvailable"
| uiAccess="false"
| />
| </requestedPrivileges>
|
| Is that possible or do I need the source-code?
|
| Regards,
| Thorsten
|
 
Thanks for the reply, but:
my question relates to binary applications for which I do NOT own the
source. Is it possible to create a manifest for any existing application?

Regards,
Thorsten
 
Hello Thorsten,

An Application Manifest will identify an application to Windows Vista and
allow administrators to define the application's desired security
credentials-an important step in the deployment process that helps
facilitate a better user experience. The manifest informs Windows Vista
when an application is User Account Control-compliant and when to prompt
users for administrator authorization to elevate privileges. To ensure
integrity and functionality, these manifests can and should be signed.
http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx

In Windows Vista, the application manifest, an XML file that describes and
identifies the shared and private side-by-side assemblies that an
application should bind to at run time, now includes entries for UAC
application compatibility purposes. Administrative applications that
include an entry in the application manifest will prompt the user for
permission to access the user's access token. Most pre-Windows Vista
administrative applications, however, can run smoothly without modification
even though they lack an entry in the application manifest by using
application compatibility fixes. Application compatibility fixes are
database entries that enable applications that are not UAC compliant to
work properly with Windows Vista.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Date: Mon, 03 Sep 2007 14:38:36 +0200
| From: Thorsten Butz <[email protected]>
| User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
| MIME-Version: 1.0
| Subject: Re: Adding a manifest to a legacy app (from an administrators
point
| of view)
| References: <[email protected]>
<[email protected]>
| In-Reply-To: <[email protected]>
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
| NNTP-Posting-Host: dslb-084-062-174-127.pools.arcor-ip.net 84.62.174.127
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:5261
| X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|
| Thanks for the reply, but:
| my question relates to binary applications for which I do NOT own the
| source. Is it possible to create a manifest for any existing application?
|
| Regards,
| Thorsten
|
 
Hi Thorsten,

If you have any updates or need any further assistance on this issue,
please feel free to let me know.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| X-Tomcat-ID: 59857209
| References: <[email protected]>
<[email protected]>
<[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: (e-mail address removed) ("Ken Zhao [MSFT]")
| Organization: Microsoft
| Date: Thu, 06 Sep 2007 04:50:02 GMT
| Subject: Re: Adding a manifest to a legacy app (from an administrators
point of view)
| X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
| Lines: 78
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:5277
| NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
|
| Hello Thorsten,
|
| An Application Manifest will identify an application to Windows Vista and
| allow administrators to define the application's desired security
| credentials-an important step in the deployment process that helps
| facilitate a better user experience. The manifest informs Windows Vista
| when an application is User Account Control-compliant and when to prompt
| users for administrator authorization to elevate privileges. To ensure
| integrity and functionality, these manifests can and should be signed.
| http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx
|
| In Windows Vista, the application manifest, an XML file that describes
and
| identifies the shared and private side-by-side assemblies that an
| application should bind to at run time, now includes entries for UAC
| application compatibility purposes. Administrative applications that
| include an entry in the application manifest will prompt the user for
| permission to access the user's access token. Most pre-Windows Vista
| administrative applications, however, can run smoothly without
modification
| even though they lack an entry in the application manifest by using
| application compatibility fixes. Application compatibility fixes are
| database entries that enable applications that are not UAC compliant to
| work properly with Windows Vista.
|
| Thanks & Regards,
|
| Ken Zhao
|
| Microsoft Online Support
| Microsoft Global Technical Support Center
|
| Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| ====================================================
| When responding to posts, please "Reply to Group" via your newsreader so
| that others may learn and benefit from your issue.
| ====================================================
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
|
|
|
| --------------------
| | Date: Mon, 03 Sep 2007 14:38:36 +0200
| | From: Thorsten Butz <[email protected]>
| | User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
| | MIME-Version: 1.0
| | Subject: Re: Adding a manifest to a legacy app (from an administrators
| point
| | of view)
| | References: <[email protected]>
| <[email protected]>
| | In-Reply-To: <[email protected]>
| | Content-Type: text/plain; charset=ISO-8859-1
| | Content-Transfer-Encoding: 7bit
| | Message-ID: <[email protected]>
| | Newsgroups:
| microsoft.public.windows.vista.administration_accounts_passwords
| | NNTP-Posting-Host: dslb-084-062-174-127.pools.arcor-ip.net 84.62.174.127
| | Lines: 1
| | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| | Xref: TK2MSFTNGHUB02.phx.gbl
| microsoft.public.windows.vista.administration_accounts_passwords:5261
| | X-Tomcat-NG:
| microsoft.public.windows.vista.administration_accounts_passwords
| |
| | Thanks for the reply, but:
| | my question relates to binary applications for which I do NOT own the
| | source. Is it possible to create a manifest for any existing
application?
| |
| | Regards,
| | Thorsten
| |
|
|
 
Hello,

I am having the same problem but this answer seems to be only marketing text
to me.

What are the technical details/steps that need to be done e.g. to mark an
existing .NET executable as "requireAdministrativePermissions" in VISTA. So
far I have come across creating manifest files and using mt.exe to sign the
..net executable. But there seem to be many pitfalls to this (mt.exe Vista SDK
version required due to MS Bug http://support.microsoft.com/kb/925378/en-us).
A complete overview would be helpful (e.g. Is it sufficient to just create
the manifest file or is mt.exe required in VISTA ?)

Greetings,
koschins

"Ken Zhao [MSFT]" said:
Hello Thorsten,

An Application Manifest will identify an application to Windows Vista and
allow administrators to define the application's desired security
credentials-an important step in the deployment process that helps
facilitate a better user experience. The manifest informs Windows Vista
when an application is User Account Control-compliant and when to prompt
users for administrator authorization to elevate privileges. To ensure
integrity and functionality, these manifests can and should be signed.
http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx

In Windows Vista, the application manifest, an XML file that describes and
identifies the shared and private side-by-side assemblies that an
application should bind to at run time, now includes entries for UAC
application compatibility purposes. Administrative applications that
include an entry in the application manifest will prompt the user for
permission to access the user's access token. Most pre-Windows Vista
administrative applications, however, can run smoothly without modification
even though they lack an entry in the application manifest by using
application compatibility fixes. Application compatibility fixes are
database entries that enable applications that are not UAC compliant to
work properly with Windows Vista.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Date: Mon, 03 Sep 2007 14:38:36 +0200
| From: Thorsten Butz <[email protected]>
| User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
| MIME-Version: 1.0
| Subject: Re: Adding a manifest to a legacy app (from an administrators
point
| of view)
| References: <[email protected]>
<[email protected]>
| In-Reply-To: <[email protected]>
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
| NNTP-Posting-Host: dslb-084-062-174-127.pools.arcor-ip.net 84.62.174.127
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:5261
| X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|
| Thanks for the reply, but:
| my question relates to binary applications for which I do NOT own the
| source. Is it possible to create a manifest for any existing application?
|
| Regards,
| Thorsten
|
 
Koschins

You might get more focused information on the free MSDN developer forums.
You can dialog there with other developers and Microsoft employees who may
have the answers you are looking for.

MSDN Forums: Vista Software Development.
http://forums.microsoft.com/MSDN/default.aspx?ForumGroupID=24&SiteID=1


--

Ronnie Vernon
Microsoft MVP
Windows Shell/User


koschins said:
Hello,

I am having the same problem but this answer seems to be only marketing
text
to me.

What are the technical details/steps that need to be done e.g. to mark an
existing .NET executable as "requireAdministrativePermissions" in VISTA.
So
far I have come across creating manifest files and using mt.exe to sign
the
.net executable. But there seem to be many pitfalls to this (mt.exe Vista
SDK
version required due to MS Bug
http://support.microsoft.com/kb/925378/en-us).
A complete overview would be helpful (e.g. Is it sufficient to just create
the manifest file or is mt.exe required in VISTA ?)

Greetings,
koschins

"Ken Zhao [MSFT]" said:
Hello Thorsten,

An Application Manifest will identify an application to Windows Vista and
allow administrators to define the application's desired security
credentials-an important step in the deployment process that helps
facilitate a better user experience. The manifest informs Windows Vista
when an application is User Account Control-compliant and when to prompt
users for administrator authorization to elevate privileges. To ensure
integrity and functionality, these manifests can and should be signed.
http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx

In Windows Vista, the application manifest, an XML file that describes
and
identifies the shared and private side-by-side assemblies that an
application should bind to at run time, now includes entries for UAC
application compatibility purposes. Administrative applications that
include an entry in the application manifest will prompt the user for
permission to access the user's access token. Most pre-Windows Vista
administrative applications, however, can run smoothly without
modification
even though they lack an entry in the application manifest by using
application compatibility fixes. Application compatibility fixes are
database entries that enable applications that are not UAC compliant to
work properly with Windows Vista.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.





--------------------
| Date: Mon, 03 Sep 2007 14:38:36 +0200
| From: Thorsten Butz <[email protected]>
| User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
| MIME-Version: 1.0
| Subject: Re: Adding a manifest to a legacy app (from an administrators
point
| of view)
| References: <[email protected]>
<[email protected]>
| In-Reply-To: <[email protected]>
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| Message-ID: <[email protected]>
| Newsgroups:
microsoft.public.windows.vista.administration_accounts_passwords
| NNTP-Posting-Host: dslb-084-062-174-127.pools.arcor-ip.net
84.62.174.127
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.vista.administration_accounts_passwords:5261
| X-Tomcat-NG:
microsoft.public.windows.vista.administration_accounts_passwords
|
| Thanks for the reply, but:
| my question relates to binary applications for which I do NOT own the
| source. Is it possible to create a manifest for any existing
application?
|
| Regards,
| Thorsten
|
 
Back
Top