Using LUA/UAP in custom applications
Hi,
The December CTP of Vista has a modified version of UAP/LUA. There's a shield icon (Windows colors) next to any setting that requires elevated status (brings up the verification dialog instead of an earlier dialog that asked for admin password). Also, for other tasks such as opening a file, modifying the registry, modifying the drive, etc., the dialog pops up asking the user to verify the action.
The question being, if I have several settings in my application that I'd like to be either Admin specific or just out of concern I don't want the user to click on that unknowingly (i.e. might pose a danger to the system/security, etc). What should I be doing? Are there APIs in the platform SDK/Windows SDK for Vista that allow me to bring up a similar dialog as the one that's seen in the system elsewhere, or would I have to design something myself?
I'd expect the SDK to provide APIs and maybe even properties to the buttons? that mimic the normal windows behaviour for UAP/LUA. I.e. show a windows shield icon next to the setting and upon clicking it a dialog pops up - either asking for admin password or as seen in Dec. CTP, asking for the user to permit/deny that action.
- Keeron
I agree, I wish there were some code samples for this. I'm trying to use an elevated out-of-process COM object to perform operations that require administrative privileges, but I've been unable to get this to work. The Best practices and guidelines article you refer to talks about a new API called CoCreateInstanceAsAdmin(). I've since been told that there isn't going to be a new API for this, instead the moniker syntax for CoGetObject() will be enhanced so you can implement this routine yourself:
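#include <windows.h>
#include <objbase.h>   // CoGetObject, StringFromGUID2, BIND_OPTS3
#include <strsafe.h>   // StringCchPrintf

inline HRESULT
CoCreateInstanceAsAdmin(
    __in_opt HWND hwndParent,
    __in REFCLSID rclsid,
    __in REFIID riid,
    __deref_out PVOID *ppv
    )
{
    HRESULT hr;
    BIND_OPTS3 bo;
    WCHAR wszCLSID[50];
    WCHAR wszMonikerName[300];

    *ppv = NULL;

    // Convert the CLSID to its "{...}" string form for the moniker name.
    if (0 == StringFromGUID2(rclsid, wszCLSID, RTL_NUMBER_OF(wszCLSID)))
    {
        return E_OUTOFMEMORY;
    }

    // Build the elevation moniker display name.
    hr = StringCchPrintf(wszMonikerName,
                         RTL_NUMBER_OF(wszMonikerName),
                         L"Elevation:Administrator!new:%s",
                         wszCLSID);
    if (FAILED(hr))
    {
        return hr;
    }

    // hwnd is the parent window passed in by the caller; the class context
    // requests an out-of-process (local server) activation.
    RtlZeroMemory(&bo, sizeof(bo));
    bo.cbStruct = sizeof(bo);
    bo.hwnd = hwndParent;
    bo.dwClassContext = CLSCTX_LOCAL_SERVER;

    return CoGetObject(wszMonikerName, &bo, riid, ppv);
}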
I still can't get this to work, CoGetObject() fails with CO_E_MISSING_DISPLAYNAME (0x80080015L), a new error in WinError.h in the Vista SDK that's described as "The activation requires a display name to be present under the CLSID key." Even with a DisplayName string under my CLSID key, I still get this error with the 5270 build of Vista.
Anyway, maybe this information will be helpful to you.
Please, can anybody from MS help us with CoCreateInstanceAdmin() or is it CoCreateInstanceAsAdmin()? It is mentioned here http://msdn.microsoft.com/windowsvista/default.aspx?pull=/library/en-us/dnlong/html/AccProtVista.asp in both forms, but the SDK doesn't define anything like this.
You can find it in the Feb CTP PSDK.

Did you set the key?
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CLSID}\LocalizedString = <displayname>
If this entry is missing, the activation returns the error CO_E_MISSING_DISPLAYNAME.
Thanks. The specific web page is:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/html/1595ebb8-65af-4609-b3e7-a21209e64391.asp
Now that I know about the LocalizedString and Elevation\Enabled keys, I've almost got this working. Vista prompts me with the elevation UI using the display name I specified, but then the CoGetObject() call fails with REGDB_E_CLASSNOTREG. Obviously, it knows the class is implemented by my DLL, since it's showing me my display name. I can successfully create an instance of my COM object using CoCreateInstance(). I'm not sure what's wrong.
I've got it working now, the problem was that my COM DLL wasn't configured to run out-of-process. Specifically, I needed to add an empty DllSurrogate key under my AppID in the registry, and register the proxy/stub DLL. With those changes, I was able to successfully instantiate an out-of-process COM object with elevated privileges.
Can you go over the steps you had to take to get elevation to work on your COM DLL? I'm a little ticked that there still isn't solid, easily found documentation on this when MS expects developers to get their apps Vista/UAC compliant. I'm glad you were able to get it to work.
I've tried the steps in the elevation moniker topic, using MSDN's sample CoCreateInstanceAsAdmin but I keep getting a COM variation of ERROR_INVALID_DATA. What does this mean? I can do a regular CoCreateInstance just fine, with both CLSCTX_INPROC_SERVER and CLSCTX_LOCAL_SERVER. I'm not using a real proxy/stub DLL, I'm just using the DllSurrogate registry entry and generic marshalling. Is that an issue? I set the registry settings as indicated on MSDN, for Elevation\Enabled and LocalizedString.
I've tried using their version of CoCreateInstanceAsAdmin, which uses CoGetObject (relatively high-level function), and I also tried making a longer brute-force version that calls all the APIs that CoGetObject calls. Both versions choke with ERROR_INVALID_DATA, from CoGetObject in the first version and BindToObject in the 2nd.
Do you think you can post some sample code and registry settings? It would be much appreciated.
If you're not using a real proxy/stub DLL, then you need to merge the proxy/stub code into your type library. The easiest way to do this is to create a new ATL project in Visual Studio, and make sure you check the "Allow merging of proxy/stub code" checkbox in the ATL Project Wizard.
After you do this, you also need to define _MERGE_PROXYSTUB in the project settings; the wizard doesn't do this for you for some reason.
Since you're creating an instance of your COM object in a different process, Windows needs the proxy/stub code to marshal parameters across process boundaries.
If you merge the proxy/stub code into your type library, then simply registering your DLL with regsvr32 should create all the correct registry entries. If you create a separate proxy/stub DLL, you will need to register that as well.
The documentation is incorrect, in that LocalizedString is not merely a displayname. Make sure you use a resource DLL, and code in the value as something like this:
@path\to\your\dll,-1000
Where 1000 is the string resource ID for the localized string to be displayed in the elevation dialog.
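Added example, not part of any post in this thread: a PowerShell check that gathers the registry requirements reported above (LocalizedString in `@dll,-id` form, Elevation\Enabled, and a DllSurrogate under the AppID for DLL servers) and reports which ones a given CLSID is missing. The function name is hypothetical, and it assumes the class is registered in the native HKLM view.

```powershell
# Added example (not code from the thread). Pass in your own CLSID.
# Usage: Test-ComElevationRegistration -Clsid '<your CLSID>'
function Test-ComElevationRegistration {
    param([Parameter(Mandatory)][guid]$Clsid)

    $id     = $Clsid.ToString('B')      # "{xxxxxxxx-xxxx-...}" form
    $root   = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    $clsKey = "$root\CLSID\$id"
    $issues = @()

    if (-not (Test-Path -LiteralPath $clsKey)) {
        return "CLSID $id is not registered under HKLM"
    }
    $cls = Get-ItemProperty -LiteralPath $clsKey

    # LocalizedString must exist (otherwise CO_E_MISSING_DISPLAYNAME) and,
    # per the thread, must be an indirect string: @<dll path>,-<resource id>.
    $ls = $cls.LocalizedString
    if (-not $ls) {
        $issues += 'LocalizedString missing (CO_E_MISSING_DISPLAYNAME)'
    } elseif ($ls -notmatch '^@(?<dll>.+),-(?<res>\d+)$') {
        $issues += "LocalizedString '$ls' is a plain name, not @dll,-id"
    } elseif (-not (Test-Path -LiteralPath $Matches.dll)) {
        $issues += "Resource DLL '$($Matches.dll)' not found"
    }

    # Elevation\Enabled must be set to 1.
    $elev = Get-ItemProperty -LiteralPath "$clsKey\Elevation" -ErrorAction SilentlyContinue
    if ($null -eq $elev -or $elev.Enabled -ne 1) {
        $issues += 'Elevation\Enabled is not set to 1'
    }

    # A DLL (in-process) server needs an AppID carrying a DllSurrogate value
    # so it can be hosted out of process; the thread saw REGDB_E_CLASSNOTREG
    # after the prompt when this was missing.
    if ((Test-Path -LiteralPath "$clsKey\InprocServer32") -and
        -not (Test-Path -LiteralPath "$clsKey\LocalServer32")) {
        $app = if ($cls.AppID) {
            Get-Item -LiteralPath "$root\AppID\$($cls.AppID)" -ErrorAction SilentlyContinue
        }
        if (-not $app -or $app.GetValueNames() -notcontains 'DllSurrogate') {
            $issues += 'DLL server has no DllSurrogate value under its AppID'
        }
    }

    if ($issues.Count -eq 0) { 'OK' } else { $issues }
}
```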
Hi,
I get this working as PA only (consent prompt). As limited User the Elevation UI is displayed, logon succeeds, however my method returns "Access denied". What am I doing wrong?
Regards,
AGDD
Hi all,
I have tried to implement CoCreateInstanceAsAdmin too.
I have already implemented the Elevation in my COM DLL foo.rgs as follows:
Elevation
{
    val Enabled = d 1
}
val LocalizedString = s 'Elevation AppReg.dll'
However, I still got a (0x80080017L) error when I call CoGetObject().
Does anyone know what this error means?
(P.S. I use the Vista beta 2 build 5472.)
Cool! I was getting the same Invalid Data error code and after fixing the LocalizedString, bingo! It works. There sure needs to be better documentation on this. Otherwise, how can one figure it out?