Requesting administrator privileges

1. One way

By changing the configuration in electron- Builder.

You can enable the application by configuring requestedExecutionLevel to request administrator permissions.

Parameter Description:

  1. AsInvoker: default configuration
  2. RequireAdministrator: administrator rights
  3. HighestAvailable: indicates the highest permission available

RequestedExecutionLevel is configured in the win option in the electron Builder as shown in requestedExecutionLevel: RequireAdministrator or requestedExecutionLevel: highestAvailable. After repackaging the installation, open the application and the application will request administrator permission.

The revised app icon now has a shield icon in the lower right corner.

This article was first published on the public account “Full stack big guy’s Cultivation road”, welcome to follow.

2. 2

This solution requires the use of third-party tools, so it is cumbersome.

Mt.exe program to transform the application.

What is mt. Exe

Mt.exe is a software in Microsoft’s official development kit.

This file is a tool for generating signature files and directories. He requires that the files referenced in the list be in the same directory as the list and generate the hash using the cryptoAPI implementation of the secure hash algorithm SHA-1. The hash is inserted as a hexadecimal string into the file label in the listing. The tool currently generates only SHA-1 hashes.

Use mt.exe to modify the manifest.xml file in exe to apply for administrator privileges.

Access to mt. Exe

Mt.exe exists in the Microsoft Windows Software Development Kit (SDK) and is available by installing visualstudio. Fei-hong obtained this SDK by installing VS2017. In the optional features of VS2017, find the “Windows 10 SDK” in the “General Windows Development Tools” and install it.

Configuring environment Variables

To use mt in all directories.

After downloading, configure the environment variables just as you would configure the JDK.

Right click on this computer – Advanced System Settings – Environment Variables – New System Variables – save the mt.exe path.

Change the configuration

The manifest.xml file appears in the application after executing mt command

mt -inputresource:<your_exe_name>.exe; #1 -out:manifest.xmlCopy the code

Locate the requestedExecutionLevel node in manifest.xml and modify asInvoker to requireAdministrator or highestAvailable.

Finally, run mt to import the modified XML file.

mt -manifest manifest.xml -outputresource:<your_exe_name>.exe; 1Copy the code

Finally, after repackaging the installation, open the application and the application will request administrator permission.

The revised app icon now has a shield icon in the lower right corner.

3. Source code analysis

Getting to the bottom of it is something every programmer who loves code loves.

The requestedExecutionLevel attribute exists in the winOptions file.

After packaging in electron – builder/packages/app builder – lib/SRC/options/winOptions ts.

import {
    PlatformSpecificBuildOptions,
    TargetConfigType
} from ".. /index"
import {
    CustomWindowsSign
} from ".. /codeSign/windowsCodeSign"

export interface WindowsConfiguration extends PlatformSpecificBuildOptions {
    
    /** * Identifies the level of security at which the application request is to be executed * This element has no child elements but has the following attributes. Identifies the level of security the application is requesting. Possible values include: asInvoker, no additional permissions requested. No other trust hints are required at this level. HighestAvailable, which requests the highest permissions available for the parent process. RequireAdministrator, requesting full administrator rights. * /
    /**
     * The [security level](https://msdn.microsoft.com/en-us/library/6ad1fshk.aspx#Anchor_9) at which the application requests to be executed.
     * Cannot be specified per target, allowed only in the `win`.
     * @default asInvoker* /
    readonly requestedExecutionLevel ? : RequestedExecutionLevel | null
}

export type RequestedExecutionLevel = "asInvoker" | "highestAvailable" | "requireAdministrator"
Copy the code

If you need to configure parameters in the Window to perform certain functions, you can take a closer look at the configuration items in the window.

export interface WindowsConfiguration extends PlatformSpecificBuildOptions {
    /** * Specifies the package type */
    /**
     * The target package type: list of `nsis`, `nsis-web` (Web installer), `portable` ([portable](/configuration/nsis#portable) app without installation), `appx`, `msi`, `squirrel`, `7z`, `zip`, `tar.xz`, `tar.lz`, `tar.gz`, `tar.bz2`, `dir`.
     * AppX package can be built only on Windows 10.
     *
     * To use Squirrel.Windows please install `electron-builder-squirrel-windows` dependency.
     *
     * @default nsis* /
    readonly target ? : TargetConfigType

    /** * Specifies the application icon address *@default build/icon.ico
     */
    readonly icon ? : string | null

    /** * Trademarks and registered trademarks. * /
    readonly legalTrademarks ? : string | null
    /** * uses the signature algorithm */
    /**
     * Array of signing algorithms used. For AppX `sha256` is always used.
     * @default ['sha1', 'sha256']
     */
    readonly signingHashAlgorithms ? : Array < "sha1" | "sha256" > | null
    /** * The custom function used to sign Windows executables (or the path to the file or module ID). * /
    /** * The custom function (or path to file or module id) to sign Windows executable. */
    readonly sign ? : CustomWindowsSign | string | null
    /** * Signed certificate */
    /** * The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable `CSC_LINK` (`WIN_CSC_LINK`) for some reason. * Please see [Code Signing](/code-signing). */
    readonly certificateFile ? : string | null
    /** * Certificate password */
    /** * The password to the certificate provided in `certificateFile`. Please use it only if you cannot use env variable `CSC_KEY_PASSWORD` (`WIN_CSC_KEY_PASSWORD`) for some reason. * Please see [Code Signing](/code-signing). */
    readonly certificatePassword ? : string | null
    /** * The name of the signature certificate subject. * /
    /** * The name of the subject of the signing certificate. Required only for EV Code Signing and works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits). */
    readonly certificateSubjectName ? : string | null
    /** * the SHA1 hash of the signed certificate. * /
    /** * The SHA1 hash of the signing certificate. The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if [Parallels Desktop](https://www.parallels.com/products/desktop/) Windows 10 virtual machines exits). */
    readonly certificateSha1 ? : string | null
    /** * The path to the additional certificate file to add to the signature block. * /
    readonly additionalCertificateFile ? : string | null
    /**
     * The URL of the RFC 3161 time stamp server.
     * @default http://timestamp.comodoca.com/rfc3161
     */
    readonly rfc3161TimeStampServer ? : string | null
    /**
     * The URL of the time stamp server.
     * @default http://timestamp.digicert.com
     */
    readonly timeStampServer ? : string | null

    /** * [The publisher name](https://github.com/electron-userland/electron-builder/issues/1187#issuecomment-278972073), Exactly as in your code signed certificate. Several names can be provided. * /
    readonly publisherName ? : string | Array < string > | null

    /** * Whether to verify the signature of the available update before installation. * The [publisher name](#publisherName) will be used for signature validation. * *@default true* /
    readonly verifyUpdateCodeSignature ? : boolean

    /** * Identifies the level of security at which the application request is to be executed * This element has no child elements but has the following attributes. Identifies the level of security the application is requesting. Possible values include: asInvoker, no additional permissions requested. No other trust hints are required at this level. HighestAvailable, which requests the highest permissions available for the parent process. RequireAdministrator, requesting full administrator rights. * /
    /**
     * The [security level](https://msdn.microsoft.com/en-us/library/6ad1fshk.aspx#Anchor_9) at which the application requests to be executed.
     * Cannot be specified per target, allowed only in the `win`.
     * @default asInvoker* /
    readonly requestedExecutionLevel ? : RequestedExecutionLevel | null

    /** * Whether to sign the metadata and add it to the executable. Advanced options. *@default true* /
    readonly signAndEditExecutable ? : boolean

    /** * Whether to sign DLL files. Advanced options. *@see https://github.com/electron-userland/electron-builder/issues/3101#issuecomment-404212384
     * @default false* /
    readonly signDlls ? : boolean
}
Copy the code

Finally, I hope you must point to like three times.

More articles are in my blog address