Reputation: 5033
Local Security policy in windows 7 - Only elevate executable files that are signed and validated
I'm writing a windows application that is embed with a manifest considering UAC in windows 7. On testing the application I found that , if "only elevate executable files that are signed and validated" option in local security policy is enabled, the application installation doesnt get started.
In this case I want my executable get signed.how to sign an executable? Does the executable should pass WHQL certification? or can I use self signed certificate to sign my executable? What does Microsoft says in this?
What are the other ways to start my executable even if the option - "Only elevate the executable files that are signed and validated" in local security policy is enabled.Can I make it possible by any of the manifest options?
Upvotes: 0
Views: 877
Answers (1)
Reputation: 120548
Sounds like you need to Authenticode sign your binaries.
http://msdn.microsoft.com/en-us/library/ms537361%28v=vs.85%29.aspx
There's no point in doing this with a self-signed, as this will not be a trusted cert on other machines (and therefore fail validation). You'll need to buy yourself a certificate from the certificate "racketeers" (A.K.A. trusted authorities).
Upvotes: 3
Related Questions
- c# allow only signed assemblies to be loaded
- Signed and RequireAdministrator executable being run from temp folder?
- I can change signed executable
- Allow local admins to run application without having to "Run as Administrator"
- mark a .exe to request (not require) run as admin
- Signing executables for Windows
- windows 7-64bit - win32 api to sacrifice(relegate) administrative privileges for a program
- How to detect if executable requires UAC elevation (C# pref)
- allow .NET 2.0 runtime to run executables from network with full trust
- Vista UAC - permissions and certificates for an exe