Hi,
The December CTP of Vista has a modified version of UAP/LUA. There's a shield icon (Windows colors) next to any setting that requires elevated status (brings up the verification dialog instead of an earlier dialog that asked for admin password). Also, for other tasks such as opening a file, modifying the registry, modifying the drive, etc., the dialog pops up asking the user to verify the action.
The question being, if I have several settings in my application that I'd like to be either admin-specific or, just out of concern, I don't want the user to click on unknowingly (i.e. might pose a danger to the system/security, etc.), what should I be doing? Are there APIs in the Platform SDK/Windows SDK for Vista that allow me to bring up a similar dialog to the one that's seen elsewhere in the system, or would I have to design something myself?
I'd expect the SDK to provide APIs and maybe even properties for the buttons that mimic the normal Windows behaviour for UAP/LUA, i.e. show a Windows shield icon next to the setting, and upon clicking it a dialog pops up, either asking for the admin password or, as seen in the Dec. CTP, asking the user to permit/deny that action.
- Keeron

Using LUA/UAP in custom applications
VB 2005 User
If you're not using a real proxy/stub DLL, then you need to merge the proxy/stub code into your type library. The easiest way to do this is to create a new ATL project in Visual Studio, and make sure you check the "Allow merging of proxy/stub code" checkbox in the ATL Project Wizard.
After you do this, you also need to define _MERGE_PROXYSTUB in the project settings; the wizard doesn't do this for you for some reason.
Since you're creating an instance of your COM object in a different process, Windows needs the proxy/stub code to marshal parameters across process boundaries.
If you merge the proxy/stub code into your type library, then simply registering your DLL with regsvr32 should create all the correct registry entries. If you create a separate proxy/stub DLL, you will need to register that as well.
Martin Flores
chuck620
I agree, I wish there were some code samples for this. I'm trying to use an elevated out-of-process COM object to perform operations that require administrative privileges, but I've been unable to get this to work. The Best practices and guidelines article you refer to talks about a new API called CoCreateInstanceAsAdmin(). I've since been told that there isn't going to be a new API for this; instead the moniker syntax for CoGetObject() will be enhanced so you can implement this routine yourself:
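    #include <windows.h>
    #include <objbase.h>
    #include <strsafe.h>   // StringCchPrintf

    // Activates rclsid out of process through the elevation moniker.
    // hwndParent is the window that owns the elevation UI.
    inline HRESULT
    CoCreateInstanceAsAdmin(
        __in_opt HWND hwndParent,
        __in REFCLSID rclsid,
        __in REFIID riid,
        __deref_out PVOID *ppv
        )
    {
        HRESULT hr;
        BIND_OPTS3 bo;
        WCHAR wszCLSID[50];
        WCHAR wszMonikerName[300];

        *ppv = NULL;

        // Convert the CLSID to its "{...}" string form.
        if (0 == StringFromGUID2(rclsid, wszCLSID, RTL_NUMBER_OF(wszCLSID)))
        {
            return E_OUTOFMEMORY;
        }

        // Build the moniker display name: Elevation:Administrator!new:{CLSID}
        hr = StringCchPrintf(wszMonikerName,
                             RTL_NUMBER_OF(wszMonikerName),
                             L"Elevation:Administrator!new:%s",
                             wszCLSID);
        if (FAILED(hr))
        {
            return hr;
        }

        // Bind options: parent window for the prompt, local-server activation.
        RtlZeroMemory(&bo, sizeof(bo));
        bo.cbStruct = sizeof(bo);
        bo.hwnd = hwndParent;
        bo.dwClassContext = CLSCTX_LOCAL_SERVER;

        return CoGetObject(wszMonikerName, &bo, riid, ppv);
    }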
I still can't get this to work. CoGetObject() fails with CO_E_MISSING_DISPLAYNAME (0x80080015L), a new error in WinError.h in the Vista SDK that's described as "The activation requires a display name to be present under the CLSID key." Even with a DisplayName string under my CLSID key, I still get this error with the 5270 build of Vista.
Anyway, maybe this information will be helpful to you.
velt
Guess it pays to read the blogs frequently :)
Add the LUA/UAP (now called UAC, user account control) team's blog to your bookmarks! Got a link from their old blog that points to excellent papers on this topic.
Getting started with UAP
http://www.microsoft.com/technet/windowsvista/evaluate/feat/uaprot.mspx
Gaming with Least-privileged user accounts
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/Gaming_with_Least_Privileged_User_Accounts.asp
Best practices and guidelines
http://msdn.microsoft.com/windowsvista/default.aspx?pull=/library/en-us/dnlong/html/AccProtVista.asp
The papers (especially the getting started and best practices) are really really helpful, but are painfully long and hard to understand at first pass. I did see references to functions and IDs that developers can use in their apps to achieve what I was asking in the above message. This is really great, and I hope they extend the API to work from both unmanaged C++ apps, as well as applications that use the .NET Framework (including WinFx).
I don't think the December CTP SDK has any samples on this API set, but it would be interesting to see a simple demo app that can mimic, say, the date/time settings dialog (UAP dialog pops up when the settings button is clicked, etc).
Damodarnet
Hi all,
I have tried to implement CoCreateInstanceAsAdmin too.
I have already implemented the Elevation in my COM DLL foo.rgs as follows:
    Elevation
    {
        val Enabled = d 1
    }
    val LocalizedString = s 'Elevation AppReg.dll'
However, I still got the (0x80080017L) error when I call CoGetObject().
Does anyone know what this error means?
(P.S. I use the Vista beta 2 build 5472.)
avidan
lavasurfer
Can you go over the steps you had to take to get elevation to work on your COM DLL? I'm a little ticked that there still isn't solid, easily found documentation on this when MS expects developers to get their apps Vista/UAC compliant. I'm glad you were able to get it to work.
I've tried the steps in the elevation moniker topic, using MSDN's sample CoCreateInstanceAsAdmin, but I keep getting a COM variation of ERROR_INVALID_DATA. What does this mean? I can do a regular CoCreateInstance just fine, with both CLSCTX_INPROC_SERVER and CLSCTX_LOCAL_SERVER. I'm not using a real proxy/stub DLL, I'm just using the DllSurrogate registry entry and generic marshalling. Is that an issue? I set the registry settings as indicated on MSDN, for Elevation\Enabled and LocalizedString.
I've tried using their version of CoCreateInstanceAsAdmin, which uses CoGetObject (relatively high-level function), and I also tried making a longer brute-force version that calls all the APIs that CoGetObject calls. Both versions choke with ERROR_INVALID_DATA, from CoGetObject in the first version and BindToObject in the 2nd.
Do you think you can post some sample code and registry settings? It would be much appreciated.
Tony Castagno
Thanks. The specific web page is:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/html/1595ebb8-65af-4609-b3e7-a21209e64391.asp
Now that I know about the LocalizedString and Elevation\Enabled keys, I've almost got this working. Vista prompts me with the elevation UI using the display name I specified, but then the CoGetObject() call fails with REGDB_E_CLASSNOTREG. Obviously, it knows the class is implemented by my DLL, since it's showing me my display name. I can successfully create an instance of my COM object using CoCreateInstance(). I'm not sure what's wrong.
binks120
RonRandall
@path\to\your\dll,-1000
Where 1000 is the string resource ID for the localized string to be displayed in the elevation dialog.
newbied
Hi,
I get this working as PA only (consent prompt). As a limited user the elevation UI is displayed and logon succeeds; however, my method returns "Access denied". What am I doing wrong?
Regards,
AGDD
Andrew Tregonning
Philip Painter
Talonius
Did you set the key?
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CLSID}\LocalizedString = <displayname>
If this entry is missing, the activation returns the error CO_E_MISSING_DISPLAYNAME.
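
The registry prerequisites that come up across this thread (LocalizedString and Elevation\Enabled under the HKEY_LOCAL_MACHINE CLSID key) can be checked before calling CoGetObject(). The following is an added example, not code from any poster or from MSDN; the function name and returned object are hypothetical, and the name attached to 0x80080017 is taken from WinError.h rather than from the thread.

```powershell
# Added example (not from the thread or MSDN). The function name and the
# shape of the returned object are hypothetical.
function Test-ComElevationRegistration {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )

    # The posts name the HKEY_LOCAL_MACHINE hive explicitly, so read it
    # directly rather than through the merged HKEY_CLASSES_ROOT view.
    $keyPath  = "Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID\$Clsid"
    $findings = New-Object System.Collections.Generic.List[string]

    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $findings.Add("CLSID key not found under HKLM: $keyPath")
    }
    else {
        # LocalizedString: display name shown in the elevation dialog.
        $display = $key.GetValue('LocalizedString')
        if ([string]::IsNullOrEmpty($display)) {
            $findings.Add('LocalizedString missing: expect CO_E_MISSING_DISPLAYNAME (0x80080015)')
        }
        elseif ($display -match '^@(?<dll>.+),-(?<id>\d+)$') {
            # "@path\to\your\dll,-1000" form: the DLL must exist to supply the string.
            $dll = [Environment]::ExpandEnvironmentVariables($Matches['dll'])
            if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $findings.Add("LocalizedString points at a missing file: $dll")
            }
        }
        else {
            $findings.Add("LocalizedString is not in the '@<dll>,-<id>' form: $display")
        }

        # Elevation\Enabled must be 1 for the class to accept elevated activation.
        $elev    = $key.OpenSubKey('Elevation')
        $enabled = if ($elev) { $elev.GetValue('Enabled') } else { $null }
        if ($enabled -ne 1) {
            $findings.Add('Elevation\Enabled is not 1: expect CO_E_ELEVATION_DISABLED (0x80080017)')
        }
    }

    [pscustomobject]@{ Clsid = $Clsid; Clean = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed placeholder CLSID; substitute your own class ID.
Test-ComElevationRegistration -Clsid '{00000000-0000-0000-0000-000000000000}'
```

An empty Findings list only means these two registry prerequisites are in place; it does not cover the proxy/stub registration discussed earlier in the thread.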