Desktop Bridge allowElevation restricted capability not working properly, error "requested operation requires elevation" after UAC

Question

I have downloaded and compiled app from https://stefanwick.com/2018/10/01/app-elevation-samples-part-1/

link to github https://github.com/StefanWickDev/AllowElevation-Samples/tree/master/Hello%20Elevated%20World

I made two version of it, changed only requestedExecutionLevel in app.manifest

with <requestedExecutionLevel level="highestAvailable" uiAccess="false" />
with <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

Running both apps on standard user account (not admin) uac set to default (max)

Problem with #1 is that it does no trigger any UAC but i believe it should ? and when checked in task manager it shows Elevated No

Problem with #2 when run UAC box shows up, when Admin password typed in, error message shows up "The requested operation requires elevation" and application does not start at all.

It looks like something is broken on MSTF side, or am i missing something ?

Capability section in Package.manifest

  <Capabilities>
    <Capability Name="internetClient" />
    <rescap:Capability Name="runFullTrust" />
    <rescap:Capability Name="allowElevation" />
  </Capabilities>

YanGu · Answer 1 · 2021-03-02T06:43:19.247

0

The capability allowElevation allows apps that are created by Microsoft partners and enterprises to preserve existing desktop functionality that requires auto-elevation on launch or during an app’s lifetime.

When you use allowElevation capability and set the value of level property as highestAvailable, the app will be running with the highest level available in the current user account. If the current account is an Administrator, the app could ask a higher level. UAC will be triggered and when checked in Task manager it shows Elevated Yes. If the current account is a standard account, the highest level is the standard user level, therefore, there is no UAC will be triggered and it shows Elevated No when checked in Task manager.

When you use allowElevation capability and set the value of level property as requireAdministrator, then the app need run under an Administrator.

edited Mar 02 '21 at 06:43

answered Feb 16 '21 at 07:36

YanGu

3,006
1
3
7

You are correct if i install it on Admin user and User account then it works fine from User level by typing correct credentials in UAC for Admin user. – IronHide Feb 19 '21 at 10:27
**However if I install this app also on built in Administrator account, and the app is present on all 3 accounts and try to run in from standard user account it wolny works if I use built-in Administrator credentials, it shows error "Make sure you typed name correctly and try again" if i provide Admin User credentials. That is strange.** – IronHide Feb 19 '21 at 10:36
We will consulting other engineers for your problem. There may be some delays. – YanGu Feb 22 '21 at 09:26
also on 20H2 this does not work at all and even providing credentials for built-in Administrator it fails and there is no way to run it form standard user at all. – IronHide Feb 23 '21 at 06:30
The previous answer was inaccurate, I updated it. – YanGu Mar 02 '21 at 06:44
I couldn’t reproduce the scenario you mentioned in the comment “if I install this app also on built in Administrator account, and the app is present on all 3 accounts”. In my side , if I install the app under built-in Administrator account, the app won’t present on other standard user accounts.Could you please tell me have you done some other operations when you install the app on built in Administrator account? – YanGu Mar 02 '21 at 06:44
try to use Add-AppxProvisionedPackage command from powershell, then it should install on all accounts – IronHide Mar 03 '21 at 10:04

Desktop Bridge allowElevation restricted capability not working properly, error "requested operation requires elevation" after UAC

1 Answers1