Windows UAC and Elevation for Self-Extracting Packages¶
Usually packages (especially Setup packages) and installers made with Paquet Builder are designed to perform tasks only allowed by Windows if the end user has administrative privileges (as placing files into common folders, writing registry keys, registering shared files...).
Windows Vista and higher have a security feature called User Account Control (UAC). UAC enables users to perform common tasks as non-administrators, called standard users in Windows. By default, all users now are considered as standard users, even when they are logged on as administrators. If a task requires administrative privileges, a UAC prompt asks for the user's permission (or entering a password for instance if you are not an administrator) to continue.
Therefore some packages would not correctly work under Windows Vista because all users even administrators would run them as standard users. The solution is to mark your package with the correct requested execution level if it needs to perform tasks that require administrative privileges. Thus the package will require elevation to an administrator account.
How to require elevation in Paquet Builder¶
Your package .exe file must contain an application manifest, i.e. an XML file with special instructions. All UAC compliant applications should have a requested execution level added to the application manifest. Requested execution levels allow the system to know the specific privileges required for a package.
In Paquet Builder, to set the requested execution level for Windows, go to "Build / EXE Output Configuration"; you have three choices:
-
turn off the "request elevated rights (User Account Control)" option. In this case, the level is set to "As Invoker", i.e. the package runs with the same access token as the parent process.
-
turn on the option then select between two levels:
- Require Administrator: the package runs only for administrators; moreover the package can only be launched with the full access token of an administrator.
- Highest Available: the package runs with the highest privileges the current user can obtain.
If your package requires administrative access to the system, then marking the package with a requested execution level of "Require Administrator" will ensure that the system will identify this program as an administrative application and will perform the necessary elevation steps.
Paquet Builder will then automatically add a UAC-compliant manifest to your packages.
Warning
Digitally signing your installer is strongly recommended if you require evelation.