Script packages and elevation with manifests

Microsoft Windows Vista and Server 2008 have become a lot more protective of certain areas of the registry and the file system.

Take an innocent little script that create a URL shortcut in a folder under C:\Program Files.

Script

Not really a problem under XP, but under Window Vista this will fail:

permissiondenied 

Fortunately Windows Vista has a way of requesting that a process always runs with administrative privileges. You can embed a manifest inside an executable file and that does the trick.

You can use the Script Packer in PrimalScript 2007 to wrap this script into an executable file, add a manifest to it, sign it and then all is well.

Let’s go through the process and see how that works:

First you need a manifest, something like shown here:

manifest

Open the PrimalScript 2007 Script Packager and make the necessary entries:

AddingManifest

Please note that you MUST use the SAPIEN Script Host option for this to work.

We also add a certificate to sign the resulting executable. If your executable is not signed when asking for elevation Vista will be a bit more inquisitive.

Signing

Hit the build button and you will get an executable with the embedded manifest and the signature applied.

withShield

You will notice the shield on the icon of the executable file. If you are not familiar with this, this shield is Vista’s indicator that this file contains a manifest asking for elevation.

Running CreateShortcut.exe results in the usual UAC prompt for such operations:

Elevate

And after clicking continue your embedded script will create the desired file.

itsalive

This seems like a lot to go through for just creating a file somewhere, but once you get into the habit of wrapping your administrative scripts into executables it really goes fast and enables you to script things once more, where you had to revert back to manual interaction under Vista and Server 2008.

If you have any comments or questions, please feel free to add them to this post.