2vision2
2vision2

Reputation: 5033

Local Security policy in windows 7 - Only elevate executable files that are signed and validated

I'm writing a windows application that is embed with a manifest considering UAC in windows 7. On testing the application I found that , if "only elevate executable files that are signed and validated" option in local security policy is enabled, the application installation doesnt get started.

In this case I want my executable get signed.how to sign an executable? Does the executable should pass WHQL certification? or can I use self signed certificate to sign my executable? What does Microsoft says in this?

What are the other ways to start my executable even if the option - "Only elevate the executable files that are signed and validated" in local security policy is enabled.Can I make it possible by any of the manifest options?

Upvotes: 0

Views: 877

Answers (1)

spender
spender

Reputation: 120548

Sounds like you need to Authenticode sign your binaries.

http://msdn.microsoft.com/en-us/library/ms537361%28v=vs.85%29.aspx

There's no point in doing this with a self-signed, as this will not be a trusted cert on other machines (and therefore fail validation). You'll need to buy yourself a certificate from the certificate "racketeers" (A.K.A. trusted authorities).

Upvotes: 3

Related Questions