-1

I have an add-in in Excel that needs to store some data in the HKEY_LOCAL_MACHINE registry. because of the UAC control in Windows Vista and earlier versions, I added a manifest file. But it is just not working. I even added the manifests in each of the projects of my solution. I have 5 projects in my solution (3 VB projects, 1 c++ and 1 deployment).

I am using VS2005. I added the manifest file to the project (with the requestedExecutionLevel set to "requireAdministrator" and embedded the manifest using mt.exe in a post-build command. Even with that, I am still getting an access denied to the HKEY_LOCAL_MACHINE. The only thing that is working is when I start Excel as "Run as administrator".

Any clue what the problem might be? Thanks.

halfer
  • 19,824
  • 17
  • 99
  • 186
James B
  • 1
  • 1
    This cannot work, only the manifest for the EXE will have an effect. You cannot reasonably mess with Excel.exe. Either write to HKCU or change the security settings for the HKLM key you want to write. Please contact Microsoft Support for urgent needs, there is service guarantee at this site. – Hans Passant Feb 02 '13 at 19:15
  • Hi Hans, thks for the quick answer. This is precisely my question. Is there a way to elevate the add-in after starting excel and make excel aware of that elevation ? (it doesnt seem so) or the only way is to start Excel as elevated ? thanks again – James B Feb 02 '13 at 19:28
  • No, only a process can be elevated. An add-in has no way to force elevation, it has to deal with whatever policy was decided for the EXE. Expecting the user to start Excel elevated is not reasonable. They will forget and Excel is in general a high profile attack target. Changing the registry key security setting is the simplest and least impactful workaround. – Hans Passant Feb 02 '13 at 19:32
  • Yes. I totally agree with you that the simplest way would be to store it in the HKCU. But i am storing data that needs to be available to all users, not only the current user. any ideas ? Thks – James B Feb 02 '13 at 19:38
  • You could have the add-in detect that it needs to elevate and have it restart Excel with the proper elevation. With some trickery, you could even re-load all open documents... – jessehouwing Feb 02 '13 at 19:41

1 Answers1

1

Manifests in DLL do not affect the execution level of the application, in this case it's excel.exe.

Here are the options you have:

  • to run Excel as administrator;
  • to modify the add-on to write to HKCU rather than HKLM.

If you need to store data available to other users, consider using ProgramData folder (CSIDL_COMMON_APPDATA or FOLDERID_ProgramData). Then your add-on creates a subdirectory inside ProgramData and modifies its permission so that this new directory is writable by anyone (by default, only the user account that created the folder has write permissions, other users can only read).

There are some other options:

  • You can write a service that your add-on will communicate to write data into HKLM but it's not.
  • You can create an elevated COM object which will write the data into HKLM.

Although users don't expect Excel to require elevation when run, therefore consider changing your logic so that your add-on does not require elevation at all.

Alexey Ivanov
  • 11,541
  • 4
  • 39
  • 68