Elevated privileges for Delphi applications
One of my customers recently asked the question “How can I force my application to run as administrator, without the user having to select this option?” Good question…
In this post, I’ll be using RAD Studio to create a Delphi application, however, the same technique should work equally well for a C++ Builder project.
Around the launch of Windows Vista, I’d heard about UAC (User Access Control) and manifest files, but I’ve never really had cause to work with them. The applications that I’ve worked on have not required administrative privileges, nor the theming benefits of using manifest files. So I’m inexperienced with them.
I began searching around for information, and found lots of older solutions which didn’t exactly work, either because they’re for older versions of Delphi / Rad Studio, or because they’re for older windows versions than I’m using. Eventually, I was able to work out a method that does work, and I’d like to share that with you…
Start by creating a new VCL application, and save the project. You can name the project as you wish, but you’ll need it’s name later. For this example I’ve named my project “ManifestTesting.” Also, be sure it’s a VCL application, this technique should work equally well for FMX applications running on windows, however, it does apply to windows only, so FMX is not necessary here.
Now, you’ll need to create a new file containing the XML manifest code required to request elevated permissions.
Select File / New / Other..
Under “Other Files” select “Text File”
Type in “.manifest” as the extension for your file, in the dialog…
When you click “Ok”, a new file named ‘New1.manifest’ will appear under your project. Right click on it, and select “Save As”
Save the file with the same name as your project, but a .manifest extension. So, in this example, save it as “ManifestTesting.manifest”
Now, we need some content for this file. Open the file in the IDE, and paste the following…
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity type="win32" name="ManifestTesting" version="1.0.0.0" processorArchitecture="x86"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<!-- Windows Vista application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--Windows 7-->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!--Windows Vista-->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
</application>
</compatibility>
</assembly>
Notice the tag name=”ManifestTesting” on line 3. You need to alter this to the name of your own application.
Save this file, and now right click on your project file and select “Options”
Now under the ‘Application’ category in the tree, select the option to “Use custom manifest”
The box named “Custom Manifest” (beneath the drop-down) has an associated button, click it to browse for and locate your “ManifestTesting.manifest” file…
After you click “Ok” a few times to dismiss the dialogs, build your project and attempt to run it.
You’ll see an error message:
This is because your application now requires Administrative rights to run, but the IDE is not running as Administrator, and is therefore unable to launch the process.
If you attempt to run the executable outside the IDE, you’ll be prompted to permit it to run as Administrator, which is the desired result, but how can we resolve this issue using the IDE?
You might have noticed that when we elected to use a custom manifest file in the project options, we did so under the debug profile…
Go and restore this option to “Enable runtime themes”, then change the “Target” dialog to a release profile and set “Use custom manifest” for that profile. Again, select the custom manifest file. You’ll then have a debug profile which does not request Administrative privileges, and a release profile which does.
Another alternative (if you require Administrative rights during debug), is to run your IDE as administrator, which you could do permanently by appropriately altering it’s short-cut. Note, this is not advised, you should only use administrative rights for debugging those features which specifically require elevated rights.
http://chapmanworld.com/2015/06/08/elevated-privileges-for-delphi-applications/
