Elevate permissions for exe permanently

Question

I have built an installer for my application with wix. I am also using an automatic updater so the user can update the software. The problem I am having is for the updater to work it needs to run its exe and close my application and restart my application after it has finished. When the updater starts up, it needs elevated permissions to run. I am wondering if there is a way to permanently grant the updater exe elevated permissions on install since it has to be installed by an administrator to begin with, saving the administrator from being present every time an update needs to be done?

It would be nice for the user to click update and not have to bother their IT department to get an updated version of our software.

Answer 1

Without being a member of the windows build team you only have two options

1. Start your program from another program that was already running that has administrator privileges
2. Make it so your update process does not require administrative privileges.

The only real way to perform #1 is to have a windows service that runs in the background and executes the downloaded update package as an administrative user, this process is hard to do "right" without leaving security holes in the end users system that malware (or users that want to get around IT's restrictions) could exploit.

Option #2 is the better option, and is what many popular software packages use. The way to accomplish this is to either change the permissions of your folder inside ProgramFiles to allow the Authenticated Users group to have write privileges. This is not the optimal solution but likely the easiest to implement. Another way to accomplish this is install the updateable resources in to a folder that your user has write access to by default, for example the %LocalAppData% folder (which is what Chrome does (I think) and any applications deployed with ClickOnce)

Answer 2

You need to add a manifest to every executable that always needs to run elevated. Here is a sample app.manifest file:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplicationName" />
  <description>My application description.</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>      
      <!-- Windows Vista -->
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
      <!-- Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
      <!-- Windows 8 -->
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
      <!-- Windows 8.1 -->
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
    </application>
  </compatibility>
</asmv1:assembly>

The relevant setting for this in the manifest is:

level="requireAdministrator"

You just need to add an app.manifest file to your project, and then set the manifest in the Properties tab for the project to the new file instead of using the default manifest generated by the compiler.

The Windows account running the process still requires administrative privileges however for the process to run with these privileges.