Microsoft signtool删除管理特权吗? [英] Microsoft signtool removes administrative privileges?

问题描述

我需要使用p12文件签署Windows的安装程序可执行文件.

I need to sign an installer executable for Windows using a p12 file.

在签名前，此EXE文件图标上带有一个屏蔽图标"，指示它需要管理权限.

Before signing, this EXE file icon has a "shield icon" on it indicating that it requires administrative privileges, as it should.

但是，在我使用signtool和以下命令签名后:

However, after I sign using the signtool and the following command:

signtool.exe sign /f mycert.pfx /p <password> /t http://timestamp.verisign.com/scripts/timstamp.dll /v "<file to be signed>"

签名成功，但屏蔽图标消失.当我运行生成的可执行文件时，它失败了，因为它不再具有管理特权.

the signing succeeds but the shield icon disappears. When I run the resulting executable, it fails because it is no longer running under administrative privileges.

我需要做什么才能对可执行文件进行签名并保持其管理特权?

What do I need to do in order to sign an executable and have it keep its administrative privileges?

推荐答案

您应在应用清单中将requestExecutionLevel设置为requireAdministrator，以将其声明为需要管理权限.

You should set the requestedExecutionLevel to requireAdministrator in your app's manifest to declare it as needing administrative privileges.

我怀疑您的应用程序被命名为安装"或类似名称，因此作为后向兼容性设置的一部分，未签名和显示的版本采用了管理员要求，但现在它看起来像是当前应用程序，因此Windows会进行检查来查看它请求的特权，并且由于它不请求任何特权，因此应用程序不会提升权限.

I suspect that your app is named "install" or similar, and so the non signed-and-manifested version picked up the administrator requirement as part of backwards compatibility settings, but now it looks like a current application and so Windows checks to see which privileges it requests, and since it doesn't request any the app doesn't get elevated.

请参见创建应用程序清单并将其嵌入到您的应用程序中根据创建应用程序的方式，还请查看/MANIFESTUAC(在清单中嵌入UAC信息)和/win32manifest(C#编译器选项)

See Create and Embed an Application Manifest with Your Application Depending on how the app is created also look at /MANIFESTUAC (Embeds UAC information in manifest) and /win32manifest (C# Compiler Options)

这篇关于Microsoft signtool删除管理特权吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！