Hi
I need some clarification here.
I am aware that there is a directive in wupdate.pas unit that allows to use "no UAC" update mechanism.
Then the resource file 'wupdateno_uac.res' is compiled into application .exe.
Should the small wusetup.exe application used to replace app files, that comes from this particular resource file should yield for privilege elevations.
I have performed simple test, I have created simple local user on my test Win10 machine, and when wusetup is executed the dialog pops up asking if I'd like to allow perform some updates on this device (I don't know exact English version - this is loose translation from Polish)
It seems that wupdate has not changed for ages, since I have tried res file from latest version, december 2019 and very old from TMS Component pack from february 2012.
I have modified the wupdate.pas to remove any references to UAC version, but it has not changed anything.
What could be solution here? Am I doing something in wrong way?
I have a customer with Active Directory and very strict rules implemented and I would like to have my app updated without bothering admins to approve changes.
WUPDATENO_UAC.RES will start the updater without elevation
WUPDATE.RES will start the updater with elevation
If privileges of the folder where the app EXE should be replaced will require admin privileges, admin elevation will be needed. There clearly is no way around this as otherwise it would mean there is a serious security hole in Windows.
Hi Bruno
Thank you very much for prompt answer.
However, beside o explicitly setting full privileges to the folder where application is located, wusetup still wants to elevate privileges.
I have located this file in the folder C:\Users_Name_of_user_\AppData\Local\Temp.
Opening this folder in Explorer, shows a little shield mark on the icon of wusetup.
When I attempt to run this, it's immiediately shows the dialog for 'Admin' approval.
What else I can check?
In my environment - still D10.3.3 and VCL UI Pack from December 2019 - I have only WUPDATENO_UAC.res file and modified wupdate.pas where I have left explicit pointing to:
{$R WUPDATENO_UAC.RES}
wupdate.pas unit is always compiled when I build an application (wupdate.dcu is in 'dcu' app's folder)
I have deleted wupdate.res from folder where VCL UI Pack sources are located. wupdateno_uac.res file is taken from latest version. So from my point of view there should be no elevation request but there is.
Elevation depends on manifest in the EXE
Did I miss something? Is there a magic switch that I can use to turn off elevation request? Should I read updated WUPDATE manual? We are in the process of migrating to 10.4.1 so having such feature would be great.
I have retested the normal workflow of TWebUpdate when $DEFINE USEUAC is NOT used and it is not causing elevation.
What exactly are you doing different from the normal workflow and why?
Hi
Yesterday I completely unistalled Delphi 10.3 and prepared brand new environment with Delphi 10.4.1 and latest version of UI Pack.
I have removed wupdate.res from UI Pack folder, removed wupdate.dcu from UI Pack folder, added UI Pack folder to library to have it compiled each time I build my application.
Then I modified wupdate.pas:
{.$DEFINE USEUAC}
I put addtional dot characted to "turn off" compiler directive.
Then I built the application and upload new version to the server.
On "problematic" workstation I cleaned Temp folder from old version of wupdate.exe and run my application. After downloading the new version when wupdate.exe got executed Windows asked for priviledge elevation.
Zip file with wupdate.exe attached.
Have you tried renaming the application so that its name does not include the string 'update' or anything else that might make Windows automatically request elevation?
It is the latter that you should try renaming, because its name may trigger the UAC prompt on some Windows OS. And also, if Windows decides that access to a specific folder requires an elevated process, it does not matter what your manifest says: the manifest, like some exe names, simply advises Windows that a process requires elevation because of the accesses it is going to need.