Under Windows XP most folks normally live in Admin login mode; otherwise, applications don't tend to install and run correctly. However, this is very insecure since "bad software" can too easily get free run of the machine. Windows Vista UAC mode allows you to login as a User but still perform admin tasks. You are prompted every time admin approval is required. Even poorly designed applications that write to protected areas (such as the HKLM registry hive, or to \Program Files directory) can run because Vista intercepts the protected action and prompts you for admin approval before proceeding.

UAC, also called Admin approval mode, is enabled by default in Vista (see UAC checkbox in Control Panel > User Accounts).
The Problem with UAC

The obvious problem with UAC is that some programs, in particular installation applications, really need to run in administration mode. Yet under Vista, Microsoft now recommend you do everything, including install software, under User logon (with UAC enabled).

some users reported that app not running on Vista, try add to dwt.exe.manifest:

   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>


completely:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="DWT" type="win32"/>
    <description>D Widget Toolkit</description>
    <dependency>
        <dependentAssembly>
            <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"/>
        </dependentAssembly>
    </dependency>

   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>

</assembly>




-- 
yidabu <yidabu.spam@gmail.com> http://www.dsource.org/projects/dwin

D 语言-中文(D Chinese): http://www.d-programming-language-china.org/ http://bbs.d-programming-language-china.org/ http://dwin.d-programming-language-china.org/ http://scite4d.d-programming-language-china.org/

在 Wed, 09 Jul 2008 10:24:12 +0800，yidabu <yidabu.spam@gmail.com> 写道:

>  Even poorly designed applications that write to protected areas (such as the HKLM registry hive, or to \Program Files directory) can run because Vista intercepts the protected action and prompts you for admin approval before proceeding.

which part of dwt require admin previllege?

-- 
使用 Opera 革命性的电子邮件客户程序: http://www.opera.com/mail/

在 Wed, 09 Jul 2008 10:24:12 +0800，yidabu <yidabu.spam@gmail.com> 写道:

>  Even poorly designed applications that write to protected areas (such as the HKLM registry hive, or to \Program Files directory) can run because Vista intercepts the protected action and prompts you for admin approval before proceeding.

if it's your app, then you're on your own to add this , not DWT library

-- 
使用 Opera 革命性的电子邮件客户程序: http://www.opera.com/mail/

On Fri, 11 Jul 2008 11:21:42 +0800
davidl <davidl@126.com> wrote:

> 在 Wed, 09 Jul 2008 10:24:12 +0800，yidabu <yidabu.spam@gmail.com> 写道:
> 
> >  Even poorly designed applications that write to protected areas (such
> > as the HKLM registry hive, or to \Program Files directory) can run
> > because Vista intercepts the protected action and prompts you for admin
> > approval before proceeding.
> 
> if it's your app, then you're on your own to add this , not DWT library
> 
> -- 
> 使用 Opera 革命性的电子邮件客户程序: http://www.opera.com/mail/

This is a trick about Windows Vista Compatibility.


-- 
yidabu <yidabu.spam@gmail.com> http://www.dsource.org/projects/dwin

D 语言-中文(D Chinese): http://www.d-programming-language-china.org/ http://bbs.d-programming-language-china.org/ http://dwin.d-programming-language-china.org/ http://scite4d.d-programming-language-china.org/

yidabu schrieb:
> On Fri, 11 Jul 2008 11:21:42 +0800
> davidl <davidl@126.com> wrote:
> 
>> 在 Wed, 09 Jul 2008 10:24:12 +0800，yidabu <yidabu.spam@gmail.com> 写道:
>>
>>>  Even poorly designed applications that write to protected areas (such  as the HKLM registry hive, or to \Program Files directory) can run  because Vista intercepts the protected action and prompts you for admin  approval before proceeding.
>> if it's your app, then you're on your own to add this , not DWT library
>>
>> -- 
>> 使用 Opera 革命性的电子邮件客户程序: http://www.opera.com/mail/
> 
> This is a trick about Windows Vista Compatibility.
> 
> 

If a user has not privilegues, he can not run the program then?

On Fri, 11 Jul 2008 10:25:57 +0200
Frank Benoit <keinfarbton@googlemail.com> wrote:

> yidabu schrieb:
> > On Fri, 11 Jul 2008 11:21:42 +0800
> > davidl <davidl@126.com> wrote:
> > 
> >> 在 Wed, 09 Jul 2008 10:24:12 +0800，yidabu <yidabu.spam@gmail.com> 写道:
> >>
> >>>  Even poorly designed applications that write to protected areas (such
> >>> as the HKLM registry hive, or to \Program Files directory) can run
> >>> because Vista intercepts the protected action and prompts you for admin
> >>> approval before proceeding.
> >> if it's your app, then you're on your own to add this , not DWT library
> >>
> >> -- 
> >> 使用 Opera 革命性的电子邮件客户程序: http://www.opera.com/mail/
> > 
> > This is a trick about Windows Vista Compatibility.
> > 
> > 
> 
> If a user has not privilegues, he can not run the program then?

a user reported that click on the exename.exe on Windows Vista that has not privilegues, nothing happens.

There are a number of ways to elevate the execution level of an executable under Windows Vista.

    *

      Right-click an EXE or its shortcut and select "Run as administrator" from the context menu.
    *

      Right-click and select properties. Click the advanced button (General Tab) and check the "Run as administrator" checkbox.
    *

      Right-click and select properties. Click the "Show Settings for all users" (Compatibility Tab) and check the "Run as administrator" checkbox.
    *

      Login as a real Administrator and run from there (Don't do this. Not secure).
    *

      Mark the executable as requestedExecutionLevel level="requireAdministrator" using a manifest file.

The last method is what really interests us here. We can mark an executable, ship it to a customer, and have confidence that it will run in administration mode on the customer's PC. The down side -- the user will be prompted for approval when they launch the application. But we're all used to that with setup programs under Windows XP.


Manifest file

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity version="1.0.0.0"
	processorArchitecture="X86"
	name="ExeName"
	type="win32"/>
<description>elevate execution level</description>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>


-- 
yidabu <yidabu.spam@gmail.com> http://www.dsource.org/projects/dwin

D 语言-中文(D Chinese): http://www.d-programming-language-china.org/ http://bbs.d-programming-language-china.org/ http://dwin.d-programming-language-china.org/ http://scite4d.d-programming-language-china.org/

yidabu schrieb:
> On Fri, 11 Jul 2008 10:25:57 +0200
> Frank Benoit <keinfarbton@googlemail.com> wrote:
>> If a user has not privilegues, he can not run the program then?
> 
> a user reported that click on the exename.exe on Windows Vista that has not privilegues, nothing happens.
> 
> There are a number of ways to elevate the execution level of an executable under Windows Vista.
> 
>     * Right-click an EXE or its shortcut and select "Run as administrator" 
from the context menu.
>     * Right-click and select properties. Click the advanced button (General Tab) and check the "Run as administrator" checkbox.
>     * Right-click and select properties. Click the "Show Settings for all users" (Compatibility Tab) and check the "Run as administrator" checkbox.
>     * Login as a real Administrator and run from there (Don't do this. Not secure).
>     * Mark the executable as requestedExecutionLevel 
level="requireAdministrator" using a manifest file.
> 
> The last method is what really interests us here. We can mark an executable, ship it to a customer, and have confidence that it will run in administration mode on the customer's PC. The down side -- the user will be prompted for approval when they launch the application. But we're all used to that with setup programs under Windows XP.
> 

I understand your answer that you explain what can be done if a user does not have privilegues.

My question was more like...
If i want the application to just show a window, even a non privilegues user should be able to run it. Then it would not make sense to but this into the manifest?
It is only needed for special applications?

On Fri, 11 Jul 2008 21:31:00 +0200
Frank Benoit <keinfarbton@googlemail.com> wrote:

> yidabu schrieb:
> > On Fri, 11 Jul 2008 10:25:57 +0200
> > Frank Benoit <keinfarbton@googlemail.com> wrote:
> >> If a user has not privilegues, he can not run the program then?
> > 
> > a user reported that click on the exename.exe on Windows Vista that has not privilegues, nothing happens.
> > 
> > There are a number of ways to elevate the execution level of an executable under Windows Vista.
> > 
> >     * Right-click an EXE or its shortcut and select "Run as administrator"
> from the context menu.
> >     * Right-click and select properties. Click the advanced button (General Tab) and check the "Run as administrator" checkbox.
> >     * Right-click and select properties. Click the "Show Settings for all users" (Compatibility Tab) and check the "Run as administrator" checkbox.
> >     * Login as a real Administrator and run from there (Don't do this. Not secure).
> >     * Mark the executable as requestedExecutionLevel
> level="requireAdministrator" using a manifest file.
> > 
> > The last method is what really interests us here. We can mark an executable, ship it to a customer, and have confidence that it will run in administration mode on the customer's PC. The down side -- the user will be prompted for approval when they launch the application. But we're all used to that with setup programs under Windows XP.
> > 
> 
> I understand your answer that you explain what can be done if a user does not have privilegues.
> 
> My question was more like...
> If i want the application to just show a window, even a non privilegues
> user should be able to run it. Then it would not make sense to but this
> into the manifest?
> It is only needed for special applications?

It is only needed for special applications, IMHO.


-- 
yidabu <yidabu.spam@gmail.com> http://www.dsource.org/projects/dwin

D 语言-中文(D Chinese): http://www.d-programming-language-china.org/ http://bbs.d-programming-language-china.org/ http://dwin.d-programming-language-china.org/ http://scite4d.d-programming-language-china.org/

Another possibility is to have "install", "setup" or "update" occuring in the file name (some of my collegues discovered this after two days of searching for the reason why drag'n'drop did not work in one of their apps with UAC disabled)