Reputation: 5033
I'm writing a windows application that is embed with a manifest considering UAC in windows 7. On testing the application I found that , if "only elevate executable files that are signed and validated" option in local security policy is enabled, the application installation doesnt get started.
In this case I want my executable get signed.how to sign an executable? Does the executable should pass WHQL certification? or can I use self signed certificate to sign my executable? What does Microsoft says in this?
What are the other ways to start my executable even if the option - "Only elevate the executable files that are signed and validated" in local security policy is enabled.Can I make it possible by any of the manifest options?
Upvotes: 0
Views: 877
Reputation: 120548
Sounds like you need to Authenticode sign your binaries.
http://msdn.microsoft.com/en-us/library/ms537361%28v=vs.85%29.aspx
There's no point in doing this with a self-signed, as this will not be a trusted cert on other machines (and therefore fail validation). You'll need to buy yourself a certificate from the certificate "racketeers" (A.K.A. trusted authorities).
Upvotes: 3