0

I'm writing a windows application that is embed with a manifest considering UAC in windows 7. On testing the application I found that , if "only elevate executable files that are signed and validated" option in local security policy is enabled, the application installation doesnt get started.

In this case I want my executable get signed.how to sign an executable? Does the executable should pass WHQL certification? or can I use self signed certificate to sign my executable? What does Microsoft says in this?

What are the other ways to start my executable even if the option - "Only elevate the executable files that are signed and validated" in local security policy is enabled.Can I make it possible by any of the manifest options?

2vision2
  • 4,933
  • 16
  • 83
  • 164

1 Answers1

3

Sounds like you need to Authenticode sign your binaries.

http://msdn.microsoft.com/en-us/library/ms537361%28v=vs.85%29.aspx

There's no point in doing this with a self-signed, as this will not be a trusted cert on other machines (and therefore fail validation). You'll need to buy yourself a certificate from the certificate "racketeers" (A.K.A. trusted authorities).

spender
  • 117,338
  • 33
  • 229
  • 351
  • What are the other ways to start my executable even if the option - "Only elevate the executable files that are signed and validated" in local security policy is enabled.Can I make it possible by any of the manifest options? – 2vision2 Jun 18 '12 at 06:28
  • 1
    @user1317084: That would kinda' defeat the point of that policy. "Can I elevate?" "No, you're not safe" "ohh, pretty pleace, I'm safe, honestly" "oh, go on then" "muhahahahah!!!" – Deanna Jun 18 '12 at 12:58