How can I ask the user about increased permissions at runtime?

Question

How can I ask the user about increased permissions at runtime?

Some applications, starting with the regular user, will request increased permissions if necessary (for example, the file manager should write such a folder), and then continue the operation.

How can I reproduce this behavior?

+6

c ++ windows qt

Tamás Szelei May 24 '11 at 10:10

source share

4 answers

See this question about privilege escalation only if necessary in C # and in this article about the user account

To summarize: you need to start a new process with higher permissions. The height level cannot be changed at run time. Startup with elevated permissions is performed either through WinAPI, or embedding the correct manifest in the executable file.

+3

larsmoa May 24 '11 at 10:19

source share

In a nutshell: create two executable files for windows. A regular executable file and a working exe file that you use to perform "advanced" operations (by passing command-line options).

In the second EXE file, you add the application manifest file with the <requestExecutionLevel level="requireAdministrator"/> node.

When starting a working application, be sure to use the QT function, which wraps ShellExecute, and not CreateProcess, because CreateProcess simply does not start the requireAdministrator applications, while ShellExecute (Be a shell function) can execute a prompt to raise the UAC.

This can also be done with ActiveX controls, but since you are targeting Qt, that seems less appropriate.

+2

Chris becke May 24 '11 at 11:00

source share

You can also run a COM object in high speed mode. See the MSDN article for more information.

+2

Jörgen sigvardsson May 24 '11 at 18:29

source share

Fivos vilanakis · Accepted Answer · 2011-05-26T11:06:28+0000

As Tamash said, you need to start a new process with elevated rights. I searched a lot in the past, but I did not find a way to elevate the rights of the current process.

Suppose your main application is App1.exe, and then you call the secondary App2.exe process, which requires elevated privileges.

but. You can embed a manifest in your App2.exe, but an easier way is to create a manifest file [text file] named App2.exe.manifest with the following contents and put it in the same directory as App2.exe. The note:!! Oddly enough, if your application name is not App2.exe, but App2_install.exe or App2_setup.exe (that is, if the application name contains “install” or “setup”), then the UAC dialog box will automatically appear in Windows Vista / Windows 7 and will request elevated rights, even if the manifest file is missing! This is an example manifest file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> </assembly>

B. You can use the following code in App1.exe to run App2.exe

 QString AppToExec = qApp->applicationDirPath() + "/App2.exe"; // Put any required parameters of App2.exe to AppParams string QString AppParams = ""; if (0 != genWin32ShellExecute(AppToExec, "", // default verb: "open" or "exec" AppParams, false, // run hidden true)) // wait to finish { // (...) handle error }

... and finally, this is the Win32 function code genWin32ShellExecute () that I created to start the process or open the document when using QT on Win32 O / S:

Title:

 #ifdef Q_OS_WIN // Implement genWin32ShellExecute() especially for UAC #include "qt_windows.h" #include "qwindowdefs_win.h" #include <shellapi.h> int genWin32ShellExecute(QString AppFullPath, QString Verb, QString Params, bool ShowAppWindow, bool WaitToFinish); #endif

CPP:

 // Execute/Open the specified Application/Document with the given command // line Parameters // (if WaitToFinish == true, wait for the spawn process to finish) // // Verb parameter values: // "" The degault verb for the associated AppFullPath // "edit" Launches an editor and opens the document for editing. // "find" Initiates a search starting from the specified directory. // "open" Launches an application. If this file is not an executable file, its associated application is launched. // "print" Prints the document file. // "properties" Displays the object properties. // // Ret: 0 = success // <0 = error #ifdef Q_OS_WIN int genWin32ShellExecute(QString AppFullPath, QString Verb, QString Params, bool ShowAppWindow, bool WaitToFinish) { int Result = 0; // Setup the required structure SHELLEXECUTEINFO ShExecInfo; memset(&ShExecInfo, 0, sizeof(SHELLEXECUTEINFO)); ShExecInfo.cbSize = sizeof(SHELLEXECUTEINFO); ShExecInfo.fMask = SEE_MASK_NOCLOSEPROCESS; ShExecInfo.hwnd = NULL; ShExecInfo.lpVerb = NULL; if (Verb.length() > 0) ShExecInfo.lpVerb = reinterpret_cast<const WCHAR *>(Verb.utf16()); ShExecInfo.lpFile = NULL; if (AppFullPath.length() > 0) ShExecInfo.lpFile = reinterpret_cast<const WCHAR *>(AppFullPath.utf16()); ShExecInfo.lpParameters = NULL; if (Params.length() > 0) ShExecInfo.lpParameters = reinterpret_cast<const WCHAR *>(Params.utf16()); ShExecInfo.lpDirectory = NULL; ShExecInfo.nShow = (ShowAppWindow ? SW_SHOW : SW_HIDE); ShExecInfo.hInstApp = NULL; // Spawn the process if (ShellExecuteEx(&ShExecInfo) == FALSE) { Result = -1; // Failed to execute process } else if (WaitToFinish) { WaitForSingleObject(ShExecInfo.hProcess, INFINITE); } return Result; } #endif

How can I ask the user about increased permissions at runtime?

More articles: