Re: Manifests and requestedExecutionLevel

Yes, the problem is that it takes a while to get to the state where the level is
determined, and it involves a fair amount of work to launch a new process with the correct
level and get it back to the right state.

Seems like manifests aren't really well-thought-out in terms of what they can specify, and
certainly aren't documented.

I keep hoping that someone from Microsoft is reading these posts and takes back to the
appropriate groups that we are complaining about poor documentation.

See below...
On Tue, 10 Jul 2007 07:19:15 -0700, "David Ching" <dc@xxxxxxxxxxxxxxxxxxxxxx> wrote:

"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:cd3793tke1l13aop632fgtdad02fncsrvf@xxxxxxxxxx
Yes, I have seen that article, but it is completely useless. It talks
about gaining
administrator rights, but that does not appear to be the same as asking
for a specific
integrity level

Yes, as I said:

Kenny's article above makes it seem impossible to use a manifest to specify
a medium MIC. This will be the default for standard users but not for
Admin
users (which will be High by default).

To put it bluntly, I know of no way to use manifests to launch a process
with a guaranteed MIC of Medium. You have to use the CreateProcess API
variant you mentioned before.


and it handwaves about the manifest without actually telling how to
create the manifest (there is no manifest I can find in my project, just
the one that
appears to be created on-the-fly and therefore could not be modified by
hand, even if I
could figure out what should go in it.

I wonder why manifests are so complex that the documentation was not
delivered on the day
that manifests became a component of the system. There's Something Wrong
With This
Picture. I should be able to go to the MSDN, open the section on
manifests, and see the
complete documentation, syntax, semantics, and examples of use. Is it
there? No. I
would like to point out that it is now 2007, and VS2005 has been out for
two years. Is
anyone at Microsoft taking any responsibility for this fiasco?

Joe, do you want help with this problem or just complain about it? Perhaps
the reason why there is no succinct doc on manifests is that they are simply
XML files. The contents are a collection of XML tags. You are asking the
equivalent of some XML primer that knows all possible tags you can possibly
put into your XML file. Impossible!
****
No, I'm asking specifically for the list of tags that are used in manifests. That is a
finite and documentable set!
*****
Instead, each section (tag) of the
manifest is separately documented. For example, to specify elevation:

<v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3">
<v3:security>
<v3:requestedPrivileges>
<!-- level can be "asInvoker", "highestAvailable", or
"requireAdministrator" -->
<v3:requestedExecutionLevel level="requireAdministrator" />
</v3:requestedPrivileges>
</v3:security>
</v3:trustInfo>
*****
Hmm. So we have designations of integrity level such as "High", "Medium", "Low" and even
"System", but the keywords are "asInvoker", "higestAvailable" and "requireAdministrator",
and the correlation is obvious...

So where is the complete documentation of the manifest? I cannot find it in the MSDN. In
fact, a search in MSDN for "requestedExecutionLevel" reveals absolutely nothing usable,
such as a reference manual entry for this keyword. I did *that* search two days ago.
Neither the installed MSDN nor the online search reveal anything useful. The best
reference was to the beta 1 Longhorn distribution, although the details of the relevance
of a beta1 document to a final product is problematic.

Google sites were not that much more informative, giving at best snippets of manifests.
joe
*****

and Common Controls 6:

<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
*****
Hmmm. And how do I find out what each of these mean? Again, I should be able to find a
reference manual on manifests. The existing documentation is defined by a set of
incomplete examples, vague specifications, obsolete specifications (for example, one
specifies that "Win32" is the only allowable value (I wonder why Win64 is not a valid
operating system?), and only x86 and IA-64 are mentioned in another place, with no
indicating what is to be used for a 64-bit x86, so it is not clear if this is an oversight
or x86 applies to both 32-bit and 64-bit versions of the architecture. The effects of
various specifications are obscure, and overall there is nothing representing adequate
documentation anywhere I can find.
joe
****


To get this manifest into built into your .exe, I already told you:

In
VS2005 project Properties, see the manifest tab and specify and Additional
Manifest.

-- David

Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.

Relevant Pages

  • Re: Manifests and requestedExecutionLevel
    ... Seems like manifests aren't really well-thought-out in terms of what they ... All aspects of UAC seem to be poorly documented at the moment. ... components work and fit together and the poor documentation. ... long as there was a handy-dandy decoder ring that said "If you want to launch with the ...
    (microsoft.public.vc.mfc)
  • Manifests and requestedExecutionLevel
    ... details such as syntax, semantics, and methods for creating them. ... I have an app that has to run at the integrity level designated by ... If anyone has a pointer to documentation on manifests, ...
    (microsoft.public.vc.mfc)
  • Re: Cannot run program on computer without Visual Studio installed?
    ... Manifests would not be nearly as bad if they weren't completely undocumented. ... the only documentation is in Post-It notes stuck to the sides of screens in ... prefer static-linking to avoid DLLHell and the new ManifestHell. ...
    (microsoft.public.vc.mfc)
Loading