Microsoft signtool删除管理特权吗? [英] Microsoft signtool removes administrative privileges?
问题描述
我需要使用p12文件签署Windows的安装程序可执行文件.
I need to sign an installer executable for Windows using a p12 file.
在签名前,此EXE文件图标上带有一个屏蔽图标",指示它需要管理权限.
Before signing, this EXE file icon has a "shield icon" on it indicating that it requires administrative privileges, as it should.
但是,在我使用signtool和以下命令签名后:
However, after I sign using the signtool and the following command:
signtool.exe sign /f mycert.pfx /p <password> /t http://timestamp.verisign.com/scripts/timstamp.dll /v "<file to be signed>"
签名成功,但屏蔽图标消失.当我运行生成的可执行文件时,它失败了,因为它不再具有管理特权.
the signing succeeds but the shield icon disappears. When I run the resulting executable, it fails because it is no longer running under administrative privileges.
我需要做什么才能对可执行文件进行签名并保持其管理特权?
What do I need to do in order to sign an executable and have it keep its administrative privileges?
推荐答案
您应在应用清单中将requestExecutionLevel设置为requireAdministrator,以将其声明为需要管理权限.
You should set the requestedExecutionLevel to requireAdministrator in your app's manifest to declare it as needing administrative privileges.
我怀疑您的应用程序被命名为安装"或类似名称,因此作为后向兼容性设置的一部分,未签名和显示的版本采用了管理员要求,但现在它看起来像是当前应用程序,因此Windows会进行检查来查看它请求的特权,并且由于它不请求任何特权,因此应用程序不会提升权限.
I suspect that your app is named "install" or similar, and so the non signed-and-manifested version picked up the administrator requirement as part of backwards compatibility settings, but now it looks like a current application and so Windows checks to see which privileges it requests, and since it doesn't request any the app doesn't get elevated.
请参见创建应用程序清单并将其嵌入到您的应用程序中一个>根据创建应用程序的方式,还请查看/MANIFESTUAC(在清单中嵌入UAC信息)和/win32manifest(C#编译器选项)
See Create and Embed an Application Manifest with Your Application Depending on how the app is created also look at /MANIFESTUAC (Embeds UAC information in manifest) and /win32manifest (C# Compiler Options)
这篇关于Microsoft signtool删除管理特权吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!