Why does a simple console app require administrative privileges?
program LTUpdate;
{$APPTYPE CONSOLE}
begin
WriteLn('Hello World');
end.
- If I run this program from a command prompt nothing happens.
- If I run the command prompt with administrative rights and then this program it outputs:
Hello World
Is there somewhere a checkbox in the project which sets the app to require administrative rights?
(The final program will connect to a database, get some fields and update it elsewhere, now I could do it via VCL... but I thought I'd try a simple console app this time.)
CodePudding user response:
Your app is being compiled as 32bit, and lacks a UAC manifest containing a requestedExecutionLevel
value, so UAC's "Installer Detection" feature kicks in, which is why your app requires elevation:
Installer detection technology
Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users do not have sufficient access to install programs. Windows 10 and Windows 11 heuristically detect installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows 10 and Windows 11 also heuristically detect updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
Installer detection only applies to:
- 32-bit executable files.
- Applications without a requested execution level attribute.
- Interactive processes running as a standard user with UAC enabled.
Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:
- The file name includes keywords such as "install," "setup," or "update.
- "Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
- Keywords in the side-by-side manifest are embedded in the executable file.
- Keywords in specific StringTable entries are linked in the executable file.
- Key attributes in the resource script data are linked in the executable file.
- There are targeted sequences of bytes within the executable file.
The simplest way to fix this is to add a UAC manifest to your app to specify an execution level:
- Go to "Project Options | Application | Manifest"
- Enable "Auto Generate"
- Set "Execution Level" as needed (in this case, "As Invoker" will suffice).
Otherwise, you would have to either recompile your app as 64bit, or change its name and version resource to avoid the designated keywords.