Details
Major Description
Windows introduced User Access Control which limits things users can do even if they are logged in as administrators. Management of services is one of those things. Usually the recommendation was to switch the UAC feature off, but it is not to hard to support UAC for procrun.
Any binary can include information about a needed privilege escalation. If you start such a binary, the usualy Windows confirmation popup of UAC will show and you can confirm the operation.
To support this, the manifest included in the exe files need to be enhanced. The following is an example for prunsrv:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="3.1.0.0" processorArchitecture="*" name="Apache.Procrun.Prunsrv" type="win32"></assemblyIdentity>
<description>Apache Procrun Service Manager</description>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="" publicKeyToken="6595b64144ccf1df" language=""></assemblyIdentity>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
I used this manifest and the same one with the string "Prunsrv" replaced by "Prunmgr" successfully on Windows 7.
I do not know, whether such an extended manifest has negative cnsequences on older Windows.
If accepted, the manifest should be added to both binaries. Currently only one of them contains a manifest.
Regards,
Rainer
Attachments
Issue Links
- is related to
-
DAEMON-269 Support UAC for prunmgr.exe
-
- Resolved
-