commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mladen Turk (JIRA)" <>
Subject [jira] [Resolved] (DAEMON-245) Support privilege escalation on Windows (UAC)
Date Mon, 22 Oct 2012 07:08:12 GMT


Mladen Turk resolved DAEMON-245.

       Resolution: Fixed
    Fix Version/s: 1.0.11

Added slightly modified prunsrv.manifest which should do the trick.
Not sure if Commons-Controls dependency is needed or not.
> Support privilege escalation on Windows (UAC)
> ---------------------------------------------
>                 Key: DAEMON-245
>                 URL:
>             Project: Commons Daemon
>          Issue Type: New Feature
>          Components: Procrun
>    Affects Versions: 1.0.10
>         Environment: Windows Vista+
>            Reporter: Rainer Jung
>             Fix For: 1.0.11
> Windows introduced User Access Control which limits things users can do even if they
are logged in as administrators. Management of services is one of those things. Usually the
recommendation was to switch the UAC feature off, but it is not to hard to support UAC for
> Any binary can include information about a needed privilege escalation. If you start
such a binary, the usualy Windows confirmation popup of UAC will show and you can confirm
the operation.
> To support this, the manifest included in the exe files need to be enhanced. The following
is an example for prunsrv:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
> <assemblyIdentity version="" processorArchitecture="*" name="Apache.Procrun.Prunsrv"
> <description>Apache Procrun Service Manager</description>
> <dependency>
> <dependentAssembly>
> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version=""
processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
> </dependentAssembly>
> </dependency>
> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
> <security>
> <requestedPrivileges>
> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
> </requestedPrivileges>
> </security>
> </trustInfo>
> </assembly>
> I used this manifest and the same one with the string "Prunsrv" replaced by "Prunmgr"
successfully on Windows 7.
> I do not know, whether such an extended manifest has negative cnsequences on older Windows.
> If accepted, the manifest should be added to both binaries. Currently only one of them
contains a manifest.
> Regards,
> Rainer

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message