Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: Method Based Administrator elevation (MSIX Package) #9628

Open
ghostidentity opened this issue May 11, 2024 · 0 comments
Open

Proposal: Method Based Administrator elevation (MSIX Package) #9628

ghostidentity opened this issue May 11, 2024 · 0 comments
Labels
feature proposal New feature proposal

Comments

@ghostidentity
Copy link

ghostidentity commented May 11, 2024
edited

Hello,

I’m packaging my app using MSIX, but the Package.appxmanifest does not support trustInfo for setting rules with elevated permissions. Consequently, it’s not possible to prompt the user to allow the process to run with administrative privileges.

Even if I add the code below, it will be ignored because MSIX operates with restrictions.

  <Capabilities>
    <rescap:Capability Name="runFullTrust" />
    <rescap:Capability Name="allowElevation" />
  </Capabilities>

Since this feature is not yet implemented, I’d like to propose an idea that would allow developers to define methods that require administrative privileges and then declare them in the manifest file. If such a method is invoked, it would prompt the user to grant the process administrative privileges without needing to restart the app. The prompt UI would not use a generic UAC message but rather a customized prompt that includes details to inform the user about the processes that require administrative privileges.

propose configuration on package.appxmanifest

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
    <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
        <!-- Proposed syntax for defining methods requiring elevation -->
        <elevatedMethods>
            <method name="MethodName1" description="This method performs system-level operations that require administrative access." path="Path.To.MethodName1" />
            <method name="MethodName2" description="This method modifies system files and settings, thus requiring elevated privileges." path="Path.To.MethodName2" />
            <!-- Additional methods as needed -->
        </elevatedMethods>
    </requestedPrivileges>
</security>
</trustInfo>

When the user opens the app, he/she wont be immediately prompted for this kind of message, but rather a custom UI prompt that will only be invoked once the user invoke some methods that will require admin priviledge as defined on the manifest file.

propose

Once the process successfully executed the method that will require admin priviledge, it will return back to standard priviledge.

Thank you,
Mark
@ghostidentity ghostidentity added the feature proposal New feature proposal label May 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the needs-triage Issue needs to be triaged by the area owners label May 11, 2024
@ghostidentity ghostidentity changed the title Proposal: Method Based Administrator elevation Proposal: Method Based Administrator elevation (MSIX Package) May 11, 2024
@duncanmacmichael duncanmacmichael removed the needs-triage Issue needs to be triaged by the area owners label May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature proposal New feature proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ghostidentity @duncanmacmichael